· 6 years ago · Aug 12, 2019, 06:08 AM
1#######################################################################################################################################
2=======================================================================================================================================
3Hostname www.fg.gov.sa ISP Saudi Telecom Company JSC
4Continent Asia Flag
5SA
6Country Saudi Arabia Country Code SA
7Region Ar Riyāḑ Local time 12 Aug 2019 07:29 +03
8City Riyadh Postal Code Unknown
9IP Address 84.235.47.103 Latitude 24.654
10 Longitude 46.715
11===================================================================================================================================
12#######################################################################################################################################
13> www.fg.gov.sa
14Server: 38.132.106.139
15Address: 38.132.106.139#53
16
17Non-authoritative answer:
18www.fg.gov.sa canonical name = fg.gov.sa.
19Name: fg.gov.sa
20Address: 84.235.47.103
21Name: fg.gov.sa
22Address: 87.101.230.92
23>
24#######################################################################################################################################
25[+] Target : www.fg.gov.sa
26
27[+] IP Address : 84.235.47.103
28
29[+] Headers :
30
31[+] Cache-Control : private
32[+] Content-Length : 17941
33[+] Content-Type : text/html; charset=utf-8
34[+] Content-Encoding : gzip
35[+] Vary : Accept-Encoding
36[+] Server : XXXXXXXXXXXXXXXXXX
37[+] X-AspNet-Version : XXXXXXXXXX
38[+] X-Powered-By : XXXXXXXX, XXXXXXXX, XXXXXXXX
39[+] Date : Mon, 12 Aug 2019 04:33:24 GMT
40
41[+] SSL Certificate Information :
42
43[+] countryName : SA
44[+] localityName : Riyadh
45[+] organizationName : General Directorate of Border Guards
46[+] commonName : fg.gov.sa
47[+] countryName : US
48[+] organizationName : DigiCert Inc
49[+] commonName : DigiCert SHA2 Secure Server CA
50[+] Version : 3
51[+] Serial Number : 08A1620F7ECCE408F7468EC97E7BB32D
52[+] Not Before : Mar 25 00:00:00 2019 GMT
53[+] Not After : Apr 1 12:00:00 2020 GMT
54[+] OCSP : ('http://ocsp.digicert.com',)
55[+] subject Alt Name : (('DNS', 'fg.gov.sa'), ('DNS', 'www.fg.gov.sa'), ('DNS', 'mnmc.med.sa'), ('DNS', 'www.mnmc.med.sa'), ('DNS', 'jobs.fg.gov.sa'))
56[+] CA Issuers : ('http://cacerts.digicert.com/DigiCertSHA2SecureServerCA.crt',)
57[+] CRL Distribution Points : ('http://crl3.digicert.com/ssca-sha2-g6.crl', 'http://crl4.digicert.com/ssca-sha2-g6.crl')
58
59[+] Whois Lookup :
60
61[+] NIR : None
62[+] ASN Registry : ripencc
63[+] ASN : 25019
64[+] ASN CIDR : 84.235.40.0/21
65[+] ASN Country Code : SA
66[+] ASN Date : 2004-06-16
67[+] ASN Description : SAUDINETSTC-AS, SA
68[+] cidr : 84.235.44.0/22
69[+] name : SAUDINET-LL-CUSTOMERS
70[+] handle : STCR1-RIPE
71[+] range : 84.235.44.0 - 84.235.47.255
72[+] description : Assigned for SaudiNet Leased Line Customers in Riyadh
73[+] country : SA
74[+] state : None
75[+] city : None
76[+] address : STC complex, murslat, Riyadh
77P.O.Box: 295997
78Riyadh 11351
79Saudi Arabia
80[+] postal_code : None
81[+] emails : ['registry@stc.com.sa']
82[+] created : 2011-04-03T09:29:38Z
83[+] updated : 2011-04-03T09:29:38Z
84
85[+] Crawling Target...
86
87[+] Looking for robots.txt........[ Not Found ]
88[+] Looking for sitemap.xml.......[ Not Found ]
89[+] Extracting CSS Links..........[ 3 ]
90[+] Extracting Javascript Links...[ 10 ]
91[+] Extracting Internal Links.....[ 0 ]
92[+] Extracting External Links.....[ 22 ]
93[+] Extracting Images.............[ 62 ]
94
95[+] Total Links Extracted : 97
96
97[+] Dumping Links in /opt/FinalRecon/dumps/www.fg.gov.sa.dump
98[+] Completed!
99######################################################################################################################################
100[+] Starting At 2019-08-12 00:39:49.364381
101[+] Collecting Information On: https://www.fg.gov.sa/Arabic/
102[#] Status: 200
103--------------------------------------------------
104[#] Web Server Detected: XXXXXXXXXXXXXXXXXX
105[#] X-Powered-By: XXXXXXXX, XXXXXXXX, XXXXXXXX
106[!] X-Frame-Options Headers not detect! target might be vulnerable Click Jacking
107- Cache-Control: private
108- Content-Length: 20075
109- Content-Type: text/html; charset=utf-8
110- Content-Encoding: gzip
111- Vary: Accept-Encoding
112- Server: XXXXXXXXXXXXXXXXXX
113- X-AspNet-Version: XXXXXXXXXX
114- X-Powered-By: XXXXXXXX, XXXXXXXX, XXXXXXXX
115- Date: Mon, 12 Aug 2019 04:38:13 GMT
116- Set-Cookie: cookiesession1=4F9A58224M9RLURSMMSKM6JF7HRE746A;Path=/;HttpOnly
117--------------------------------------------------
118[#] Finding Location..!
119[#] as: AS35753 Integrated Telecom Co. Ltd
120[#] city: Riyadh
121[#] country: Saudi Arabia
122[#] countryCode: SA
123[#] isp: Integrated Telecom Co. Ltd
124[#] lat: 24.682
125[#] lon: 46.7074
126[#] org: Integrated Telecom Co. Ltd
127[#] query: 87.101.230.92
128[#] region: 01
129[#] regionName: Ar Riyāḑ
130[#] status: success
131[#] timezone: Asia/Riyadh
132[#] zip:
133--------------------------------------------------
134[+] Detected WAF Presence in web application: ASP.NET Generic Web Application Protection
135--------------------------------------------------
136[#] Starting Reverse DNS
137[-] Failed ! Fail
138--------------------------------------------------
139[!] Scanning Open Port
140[#] 80/tcp open http
141[#] 443/tcp open https
142--------------------------------------------------
143[+] Collecting Information Disclosure!
144[#] Detecting sitemap.xml file
145[-] sitemap.xml file not Found!?
146[#] Detecting robots.txt file
147[-] robots.txt file not Found!?
148[#] Detecting GNU Mailman
149[-] GNU Mailman App Not Detected!?
150--------------------------------------------------
151[+] Crawling Url Parameter On: https://www.fg.gov.sa/Arabic/
152--------------------------------------------------
153[#] Searching Html Form !
154[+] Html Form Discovered
155[#] action: /Arabic/default.aspx
156[#] class: None
157[#] id: aspnetForm
158[#] method: post
159--------------------------------------------------
160[!] Found 26 dom parameter
161[#] https://www.fg.gov.sa/Arabic//javascript:__doPostBack('ctl00$LinkButton1','')
162[#] https://www.fg.gov.sa/Arabic//javascript:__doPostBack('ctl00$LinkButton_English','')
163[#] https://www.fg.gov.sa/Arabic//#
166[#] https://www.fg.gov.sa/Arabic//javascript:__doPostBack('ctl00$ContentPlaceHolder1$Repeater2$ctl00$LinkButton1','')
167[#] https://www.fg.gov.sa/Arabic//javascript:__doPostBack('ctl00$ContentPlaceHolder1$Repeater2$ctl01$LinkButton1','')
168[#] https://www.fg.gov.sa/Arabic//javascript:__doPostBack('ctl00$ContentPlaceHolder1$Repeater2$ctl02$LinkButton1','')
169[#] https://www.fg.gov.sa/Arabic//javascript:__doPostBack('ctl00$ContentPlaceHolder1$Repeater2$ctl03$LinkButton1','')
170[#] https://www.fg.gov.sa/Arabic//javascript:__doPostBack('ctl00$ContentPlaceHolder1$Repeater2$ctl04$LinkButton1','')
187--------------------------------------------------
188[-] No internal Dynamic Parameter Found!?
189--------------------------------------------------
190[!] 3 External Dynamic Parameter Discovered
191[#] https://itunes.apple.com/lb/app/%D8%AE%D8%AF%D9%85%D8%A7%D8%AA%D9%8A-%D8%AD%D8%B1%D8%B3-%D8%A7%D9%84%D8%AD%D8%AF%D9%88%D8%AF-%D8%A7%D9%84%D8%B3%D8%B9%D9%88%D8%AF%D9%8A/id1096661299?mt=8
192[#] https://play.google.com/store/apps/details?id=sa.gov.fg.etrMobile
193[#] https://twitter.com/BG994?ref_src=twsrc%5Etfw
194--------------------------------------------------
195[!] 54 Internal links Discovered
196[+] https://www.fg.gov.sa/Arabic//../images/animated_favicon.ico
197[+] https://www.fg.gov.sa/Arabic//../images/animated_favicon.gif
198[+] https://www.fg.gov.sa/Arabic//../CSS/Style_Arabic.css
199[+] https://www.fg.gov.sa/Arabic//../CSS/MENU.css
200[+] https://www.fg.gov.sa/Arabic//../CSS/bootstrap.min.css
201[+] https://www.fg.gov.sa/Arabic//BorderPermissionRequestWF.aspx
202[+] https://www.fg.gov.sa/Arabic//contactus.aspx
203[+] https://www.fg.gov.sa/Arabic//Default.aspx
204[+] https://www.fg.gov.sa/Arabic//Default.aspx
205[+] https://www.fg.gov.sa/Arabic//AboutUs.aspx
206[+] https://www.fg.gov.sa/Arabic//Tasks.aspx
207[+] https://www.fg.gov.sa/Arabic//Managers.aspx
208[+] https://www.fg.gov.sa/Arabic//BorderCrossings.aspx
209[+] https://www.fg.gov.sa/Arabic//UniForms.aspx
210[+] https://www.fg.gov.sa/Arabic//Regions.aspx
211[+] https://jobs.fg.gov.sa
212[+] https://eservices.fg.gov.sa/ETransactions
213[+] https://eservices.fg.gov.sa/EReservation
214[+] https://eservices.fg.gov.sa/ETransactions
215[+] https://eservices.fg.gov.sa/WCV
216[+] https://www.fg.gov.sa/Arabic//BorderPermissionRequestCompany.aspx
217[+] https://www.fg.gov.sa/Arabic//SearchEmployee.aspx
218[+] https://www.fg.gov.sa/Arabic//FishingAndSwimming.aspx
219[+] https://www.fg.gov.sa/Arabic//News.aspx
220[+] https://www.fg.gov.sa/Arabic//DigitalLibrary.aspx
221[+] https://www.fg.gov.sa/Arabic//Magazines.aspx
222[+] https://www.fg.gov.sa/Arabic//PressNews.aspx
223[+] https://www.fg.gov.sa/Arabic//Statistics.aspx
224[+] https://mail.fg.gov.sa/
225[+] https://www.fg.gov.sa/Arabic//DutyMartyrs.aspx
226[+] https://www.fg.gov.sa/Arabic//ContactUs.aspx
227[+] https://jobs.fg.gov.sa/
228[+] https://eservices.fg.gov.sa/ETransactions
229[+] https://eservices.fg.gov.sa/ETransactions
230[+] https://eservices.fg.gov.sa/WCV
231[+] https://www.fg.gov.sa/Arabic//NationalPlanforMarineDisasters.aspx
232[+] https://www.fg.gov.sa/Arabic//NationalPlanforMarineDisasters.aspx
233[+] https://www.fg.gov.sa/Arabic//NationalPlanforMarineDisasters.aspx
234[+] https://www.fg.gov.sa/Arabic//MaritimeSafety.aspx
235[+] https://www.fg.gov.sa/Arabic//MaritimeSafety.aspx
236[+] https://www.fg.gov.sa/Arabic//MaritimeSafety.aspx
237[+] https://www.fg.gov.sa/Arabic//Rules.aspx
238[+] https://www.fg.gov.sa/Arabic//Rules.aspx
239[+] https://www.fg.gov.sa/Arabic//Rules.aspx
240[+] https://www.fg.gov.sa/Arabic//Tenders.aspx
241[+] https://mail.fg.gov.sa/
242[+] https://www.fg.gov.sa/Arabic//OpenData.aspx
243[+] https://www.fg.gov.sa/Arabic//Magazines.aspx
244[+] https://www.fg.gov.sa/Arabic//ImportantContacts.aspx
245[+] https://www.fg.gov.sa/Arabic//Disclaimer.aspx
246[+] https://www.fg.gov.sa/Arabic//PrivacyPolicy.aspx
247[+] https://www.fg.gov.sa/Arabic//SLA.aspx
248[+] https://www.fg.gov.sa/Arabic//ContactUs.aspx
249[+] https://www.fg.gov.sa/Arabic//Weather.aspx
250--------------------------------------------------
251[!] 6 External links Discovered
252[#] http://www.twitter.com/bg994/
253[#] http://www.youtube.com/bg994/
254[#] https://www.zawil.com.sa
255[#] https://www.zawil.com.sa
256[#] http://www.youtube.com/bg994/
257[#] http://www.twitter.com/bg994/
258--------------------------------------------------
259[#] Mapping Subdomain..
260[!] Found 7 Subdomain
261- eservices.fg.gov.sa
262- fg.gov.sa
263- jobs.fg.gov.sa
264- mail.fg.gov.sa
265- autodiscover.fg.gov.sa
266- mhr.fg.gov.sa
267- workplace.fg.gov.sa
268--------------------------------------------------
269[!] Done At 2019-08-12 00:40:14.441776
270#######################################################################################################################################
271[i] Scanning Site: https://www.fg.gov.sa
272
273
274
275B A S I C I N F O
276====================
277
278
279[+] Site Title:
280 المديرية العامة لحرس الحدود السعودي
281
282[+] IP address: 84.235.47.103
283[+] Web Server: XXXXXXXXXXXXXXXXXX
284[+] CMS: Could Not Detect
285[+] Cloudflare: Not Detected
286[+] Robots File: Could NOT Find robots.txt!
287
288
289
290
291W H O I S L O O K U P
292========================
293
294 % SaudiNIC Whois server.
295% Rights restricted by copyright.
296% http://nic.sa/en/view/whois-cmd-copyright
297
298Domain Name: fg.gov.sa
299
300 Registrant:
301 MOI-Directorate of Frontier Guard وزارة الداخلية-حرس الحدود
302 Address: لا يوجد
303 Riyadh الرياض
304 Saudi Arabia المملكة العربية السعودية
305
306 Administrative Contact:
307 Fahad Alotaibi
308 Address: *******
309 *************
310 *************************************
311
312 Technical Contact:
313 فهد مسلط **************
314 Address: ******************
315 ******
316 ************************
317
318 Name Servers:
319 ns1.p05.dynect.net
320 ns2.p05.dynect.net
321 ns3.p05.dynect.net
322 ns4.p05.dynect.net
323
324Created on: 2005-04-20
325Last Updated on: 2015-07-03
326
327
328
329
330
331G E O I P L O O K U P
332=========================
333
334[i] IP Address: 84.235.47.103
335[i] Country: Saudi Arabia
336[i] State: Ar Riyad
337[i] City: Riyadh
338[i] Latitude: 24.6537
339[i] Longitude: 46.7152
340
341
342
343
344H T T P H E A D E R S
345=======================
346
347
348[i] HTTP/1.1 302 Found
349[i] Cache-Control: private
350[i] Content-Length: 125
351[i] Content-Type: text/html; charset=utf-8
352[i] Location: /Arabic/
353[i] Server:XXXXXXXXXXXXXXXXXX
354[i] X-AspNet-Version:XXXXXXXXXX
355[i] X-Powered-By: ASP.NET
356[i] X-Powered-By: ARR/2.5
357[i] X-Powered-By: ASP.NET
358[i] Date: Mon, 12 Aug 2019 04:33:43 GMT
359[i] Connection: close
360[i] Set-Cookie: cookiesession1=4F9A5822QPS62EUELDCELUNGAM3HD9C0;Path=/;HttpOnly
361[i] HTTP/1.1 200 OK
362[i] Cache-Control: private
363[i] Content-Length: 70633
364[i] Content-Type: text/html; charset=utf-8
365[i] Server:XXXXXXXXXXXXXXXXXX
366[i] X-AspNet-Version:XXXXXXXXXX
367[i] X-Powered-By:XXXXXXXX
368[i] X-Powered-By:XXXXXXXX
369[i] X-Powered-By:XXXXXXXX
370[i] Date: Mon, 12 Aug 2019 04:33:43 GMT
371[i] Connection: close
372[i] Set-Cookie: cookiesession1=4F9A5822AZTAI9H2TVERXQVWLI2GFEF9;Path=/;HttpOnly
373
374
375
376
377D N S L O O K U P
378===================
379
380fg.gov.sa. 21599 IN SOA ns1.p05.dynect.net. ajghamdi.fg.gov.sa. 379 3600 600 604800 900
381fg.gov.sa. 21599 IN NS ns1.p05.dynect.net.
382fg.gov.sa. 21599 IN NS ns4.p05.dynect.net.
383fg.gov.sa. 21599 IN NS ns2.p05.dynect.net.
384fg.gov.sa. 21599 IN NS ns3.p05.dynect.net.
385fg.gov.sa. 21599 IN A 84.235.47.103
386fg.gov.sa. 21599 IN A 87.101.230.92
387fg.gov.sa. 21599 IN PTR fg.gov.sa.
388fg.gov.sa. 21599 IN MX 10 mail.fg.gov.sa.
389fg.gov.sa. 21599 IN TXT "v=spf1 +mx +ip4:84.235.47.101 +ip4:87.101.225.218 -all"
390
391
392
393
394S U B N E T C A L C U L A T I O N
395====================================
396
397Address = 84.235.47.103
398Network = 84.235.47.103 / 32
399Netmask = 255.255.255.255
400Broadcast = not needed on Point-to-Point links
401Wildcard Mask = 0.0.0.0
402Hosts Bits = 0
403Max. Hosts = 1 (2^0 - 0)
404Host Range = { 84.235.47.103 - 84.235.47.103 }
405
406
407
408N M A P P O R T S C A N
409============================
410
411Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-12 04:35 UTC
412Nmap scan report for fg.gov.sa (84.235.47.103)
413Host is up (0.17s latency).
414Other addresses for fg.gov.sa (not scanned): 87.101.230.92
415
416PORT STATE SERVICE
41721/tcp filtered ftp
41822/tcp filtered ssh
41923/tcp filtered telnet
42080/tcp open http
421110/tcp filtered pop3
422143/tcp filtered imap
423443/tcp open https
4243389/tcp filtered ms-wbt-server
425
426Nmap done: 1 IP address (1 host up) scanned in 3.64 seconds
427
428
429
430S U B - D O M A I N F I N D E R
431==================================
432
433
434[i] Total Subdomains Found : 6
435
436[+] Subdomain: workplace.fg.gov.sa
437[-] IP: 84.235.47.98
438
439[+] Subdomain: mail.fg.gov.sa
440[-] IP: 84.235.47.101
441
442[+] Subdomain: autodiscover.fg.gov.sa
443[-] IP: 84.235.47.101
444
445[+] Subdomain: mhr.fg.gov.sa
446[-] IP: 84.235.47.109
447
448[+] Subdomain: jobs.fg.gov.sa
449[-] IP: 84.235.47.104
450
451[+] Subdomain: eservices.fg.gov.sa
452[-] IP: 84.235.47.106
453########################################################################################################################################
454[INFO] ------TARGET info------
455[*] TARGET: https://www.fg.gov.sa/Arabic/
456[*] TARGET IP: 84.235.47.103
457[ALERT] www.fg.gov.sa has a load balancer for IPv4 with the following IPs:
458[*] 84.235.47.103
459[*] 87.101.230.92
460[*] DNS servers: fg.gov.sa.
461[*] TARGET server:
462[*] CC: SA
463[*] Country: Saudi Arabia
464[*] RegionCode: 01
465[*] RegionName: Ar Riyāḑ
466[*] City: Riyadh
467[*] ASN: AS39386
468[*] BGP_PREFIX: 84.235.0.0/17
469[*] ISP: STC-IGW-AS Saudi Telecom Company JSC, SA
470[INFO] SSL/HTTPS certificate detected
471[*] Issuer: issuer=C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
472[*] Subject: subject=C = SA, L = Riyadh, O = General Directorate of Border Guards, CN = fg.gov.sa
473[INFO] DNS enumeration:
474[*] jobs.fg.gov.sa 84.235.47.104 87.101.230.91
475[*] mail.fg.gov.sa 87.101.225.218 84.235.47.101
476[INFO] Possible abuse mails are:
477[*] abuse@fg.gov.sa
478[*] abuse@saudi.net.sa
479[*] abuse@www.fg.gov.sa
480[*] registry@saudi.net.sa
481[*] registry@stc.com.sa
482[INFO] NO PAC (Proxy Auto Configuration) file FOUND
483[INFO] Starting FUZZing in http://www.fg.gov.sa/FUzZzZzZzZz...
484[INFO] Status code Folders
485[*] 301 http://www.fg.gov.sa/index
486[*] 301 http://www.fg.gov.sa/images
487[*] 301 http://www.fg.gov.sa/download
488[*] 301 http://www.fg.gov.sa/2006
489[*] 301 http://www.fg.gov.sa/news
490[*] 301 http://www.fg.gov.sa/crack
491[*] 301 http://www.fg.gov.sa/serial
492[*] 301 http://www.fg.gov.sa/warez
493[*] 301 http://www.fg.gov.sa/full
494[*] 301 http://www.fg.gov.sa/12
495[INFO] NO passwords found in source code
496[INFO] SAME content in http://www.fg.gov.sa/ AND http://84.235.47.103/
497
498Recherche www.fg.gov.sa
499Connexion HTTPS à www.fg.gov.sa
500
501lynx : accès impossible au fichier de départ https://www.fg.gov.sa/Arabic/
502[INFO] Links found from https://www.fg.gov.sa/Arabic/:
503[INFO] GOOGLE has 315,000,000 results (0.21 seconds) about http://www.fg.gov.sa/
504[INFO] Shodan detected the following opened ports on 84.235.47.103:
505[*] 443
506[*] 80
507[INFO] ------VirusTotal SECTION------
508[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
509[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
510[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
511[INFO] ------Alexa Rank SECTION------
512[INFO] Percent of Visitors Rank in Country:
513[INFO] Percent of Search Traffic:
514[INFO] Percent of Unique Visits:
515[INFO] Total Sites Linking In:
516[*] Total Sites
517[INFO] Useful links related to www.fg.gov.sa - 84.235.47.103:
518[*] https://www.virustotal.com/pt/ip-address/84.235.47.103/information/
519[*] https://www.hybrid-analysis.com/search?host=84.235.47.103
520[*] https://www.shodan.io/host/84.235.47.103
521[*] https://www.senderbase.org/lookup/?search_string=84.235.47.103
522[*] https://www.alienvault.com/open-threat-exchange/ip/84.235.47.103
523[*] http://pastebin.com/search?q=84.235.47.103
524[*] http://urlquery.net/search.php?q=84.235.47.103
525[*] http://www.alexa.com/siteinfo/www.fg.gov.sa
526[*] http://www.google.com/safebrowsing/diagnostic?site=www.fg.gov.sa
527[*] https://censys.io/ipv4/84.235.47.103
528[*] https://www.abuseipdb.com/check/84.235.47.103
529[*] https://urlscan.io/search/#84.235.47.103
530[*] https://github.com/search?q=84.235.47.103&type=Code
531[INFO] Useful links related to AS39386 - 84.235.0.0/17:
532[*] http://www.google.com/safebrowsing/diagnostic?site=AS:39386
533[*] https://www.senderbase.org/lookup/?search_string=84.235.0.0/17
534[*] http://bgp.he.net/AS39386
535[*] https://stat.ripe.net/AS39386
536[INFO] Date: 12/08/19 | Time: 00:40:39
537[INFO] Total time: 0 minute(s) and 40 second(s)
538#######################################################################################################################################
539Trying "fg.gov.sa"
540;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17381
541;; flags: qr rd ra; QUERY: 1, ANSWER: 10, AUTHORITY: 4, ADDITIONAL: 6
542
543;; QUESTION SECTION:
544;fg.gov.sa. IN ANY
545
546;; ANSWER SECTION:
547fg.gov.sa. 43200 IN TXT "v=spf1 +mx +ip4:84.235.47.101 +ip4:87.101.225.218 -all"
548fg.gov.sa. 43200 IN MX 10 mail.fg.gov.sa.
549fg.gov.sa. 43200 IN PTR fg.gov.sa.
550fg.gov.sa. 43200 IN A 87.101.230.92
551fg.gov.sa. 43200 IN A 84.235.47.103
552fg.gov.sa. 43200 IN SOA ns1.p05.dynect.net. ajghamdi.fg.gov.sa. 379 3600 600 604800 900
553fg.gov.sa. 3599 IN NS ns4.p05.dynect.net.
554fg.gov.sa. 3599 IN NS ns3.p05.dynect.net.
555fg.gov.sa. 3599 IN NS ns1.p05.dynect.net.
556fg.gov.sa. 3599 IN NS ns2.p05.dynect.net.
557
558;; AUTHORITY SECTION:
559fg.gov.sa. 3599 IN NS ns2.p05.dynect.net.
560fg.gov.sa. 3599 IN NS ns4.p05.dynect.net.
561fg.gov.sa. 3599 IN NS ns3.p05.dynect.net.
562fg.gov.sa. 3599 IN NS ns1.p05.dynect.net.
563
564;; ADDITIONAL SECTION:
565ns3.p05.dynect.net. 28162 IN A 208.78.71.5
566ns3.p05.dynect.net. 104 IN AAAA 2001:500:94:1::5
567ns4.p05.dynect.net. 36623 IN A 204.13.251.5
568ns2.p05.dynect.net. 18741 IN A 204.13.250.5
569ns1.p05.dynect.net. 28162 IN A 208.78.70.5
570ns1.p05.dynect.net. 104 IN AAAA 2001:500:90:1::5
571
572Received 468 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 406 ms
573########################################################################################################################################
574
575; <<>> DiG 9.11.5-P4-5.1-Debian <<>> +trace fg.gov.sa
576;; global options: +cmd
577. 83715 IN NS b.root-servers.net.
578. 83715 IN NS c.root-servers.net.
579. 83715 IN NS h.root-servers.net.
580. 83715 IN NS e.root-servers.net.
581. 83715 IN NS d.root-servers.net.
582. 83715 IN NS f.root-servers.net.
583. 83715 IN NS i.root-servers.net.
584. 83715 IN NS m.root-servers.net.
585. 83715 IN NS a.root-servers.net.
586. 83715 IN NS j.root-servers.net.
587. 83715 IN NS g.root-servers.net.
588. 83715 IN NS k.root-servers.net.
589. 83715 IN NS l.root-servers.net.
591;; Received 525 bytes from 38.132.106.139#53(38.132.106.139) in 53 ms
592
593sa. 172800 IN NS s.nic.net.sa.
594sa. 172800 IN NS ns1.nic.net.sa.
595sa. 172800 IN NS i.nic.net.sa.
596sa. 172800 IN NS p.nic.net.sa.
597sa. 172800 IN NS n.nic.net.sa.
598sa. 172800 IN NS s2.nic.net.sa.
599sa. 172800 IN NS ns2.nic.net.sa.
602;; Received 806 bytes from 2001:7fe::53#53(i.root-servers.net) in 41 ms
603
604fg.gov.sa. 3600 IN NS ns1.p05.dynect.net.
605fg.gov.sa. 3600 IN NS ns2.p05.dynect.net.
606fg.gov.sa. 3600 IN NS ns3.p05.dynect.net.
607fg.gov.sa. 3600 IN NS ns4.p05.dynect.net.
612;; Received 887 bytes from 2001:67c:130:10::9#53(ns2.nic.net.sa) in 214 ms
613
614fg.gov.sa. 172800 IN A 87.101.230.92
615fg.gov.sa. 172800 IN A 84.235.47.103
616fg.gov.sa. 86400 IN NS ns2.p05.dynect.net.
617fg.gov.sa. 86400 IN NS ns3.p05.dynect.net.
618fg.gov.sa. 86400 IN NS ns1.p05.dynect.net.
619fg.gov.sa. 86400 IN NS ns4.p05.dynect.net.
620;; Received 156 bytes from 204.13.250.5#53(ns2.p05.dynect.net) in 54 ms
621########################################################################################################################################
622[*] Performing General Enumeration of Domain: fg.gov.sa
623[-] DNSSEC is not configured for fg.gov.sa
624[*] SOA ns1.p05.dynect.net 208.78.70.5
625[*] NS ns4.p05.dynect.net 204.13.251.5
626[*] Bind Version for 204.13.251.5 9.10.5-P3.
627[*] NS ns1.p05.dynect.net 208.78.70.5
628[*] Bind Version for 208.78.70.5 9.10.5-P3.
629[*] NS ns1.p05.dynect.net 2001:500:90:1::5
630[*] Bind Version for 2001:500:90:1::5 9.10.5-P3.
631[*] NS ns2.p05.dynect.net 204.13.250.5
632[*] Bind Version for 204.13.250.5 9.10.5-P3.
633[*] NS ns3.p05.dynect.net 208.78.71.5
634[*] Bind Version for 208.78.71.5 9.10.5-P3.
635[*] NS ns3.p05.dynect.net 2001:500:94:1::5
636[*] Bind Version for 2001:500:94:1::5 9.10.5-P3.
637[*] MX mail.fg.gov.sa 84.235.47.101
638[*] MX mail.fg.gov.sa 87.101.225.218
639[*] A fg.gov.sa 87.101.230.92
640[*] A fg.gov.sa 84.235.47.103
641[*] TXT fg.gov.sa v=spf1 +mx +ip4:84.235.47.101 +ip4:87.101.225.218 -all
642[*] Enumerating SRV Records
643[*] SRV _sip._tls.fg.gov.sa sip.fg.gov.sa 87.101.253.244 5061 0
644[*] SRV _sip._tls.fg.gov.sa sip.fg.gov.sa 87.101.253.241 5061 0
645[*] SRV _sipfederationtls._tcp.fg.gov.sa sip.fg.gov.sa 87.101.253.244 5061 0
646[*] SRV _sipfederationtls._tcp.fg.gov.sa sip.fg.gov.sa 87.101.253.241 5061 0
647[+] 4 Records Found
648#######################################################################################################################################
649[*] Processing domain fg.gov.sa
650[*] Using system resolvers ['38.132.106.139', '194.187.251.67', '185.93.180.131', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a']
651[+] Getting nameservers
652204.13.251.5 - ns4.p05.dynect.net
653208.78.70.5 - ns1.p05.dynect.net
654204.13.250.5 - ns2.p05.dynect.net
655208.78.71.5 - ns3.p05.dynect.net
656[-] Zone transfer failed
657
658[+] TXT records found
659"v=spf1 +mx +ip4:84.235.47.101 +ip4:87.101.225.218 -all"
660
661[+] MX records found, added to target list
66210 mail.fg.gov.sa.
663
664[*] Scanning fg.gov.sa for A records
66587.101.230.92 - fg.gov.sa
66684.235.47.103 - fg.gov.sa
66787.101.253.243 - av.fg.gov.sa
66884.235.47.101 - autodiscover.fg.gov.sa
66987.101.225.218 - autodiscover.fg.gov.sa
67087.101.253.246 - av.fg.gov.sa
67137.76.227.3 - demo.fg.gov.sa
67287.101.253.247 - dialin.fg.gov.sa
67387.101.230.91 - jobs.fg.gov.sa
67484.235.47.104 - jobs.fg.gov.sa
67587.101.253.247 - lyncdiscover.fg.gov.sa
67684.235.47.101 - mail.fg.gov.sa
67787.101.225.218 - mail.fg.gov.sa
67887.101.253.247 - meet.fg.gov.sa
67987.101.253.244 - sip.fg.gov.sa
68087.101.253.241 - sip.fg.gov.sa
68184.235.47.103 - www.fg.gov.sa
68287.101.230.92 - www.fg.gov.sa
683#######################################################################################################################################
684
685
686 AVAILABLE PLUGINS
687 -----------------
688
689 OpenSslCipherSuitesPlugin
690 HeartbleedPlugin
691 RobotPlugin
692 CompressionPlugin
693 HttpHeadersPlugin
694 FallbackScsvPlugin
695 OpenSslCcsInjectionPlugin
696 SessionRenegotiationPlugin
697 EarlyDataPlugin
698 SessionResumptionPlugin
699 CertificateInfoPlugin
700
701
702
703 CHECKING HOST(S) AVAILABILITY
704 -----------------------------
705
706 84.235.47.103:443 => 84.235.47.103
707
708
709
710
711 SCAN RESULTS FOR 84.235.47.103:443 - 84.235.47.103
712 --------------------------------------------------
713
714 * TLS 1.2 Session Resumption Support:
715 With Session IDs: NOT SUPPORTED (0 successful, 5 failed, 0 errors, 5 total attempts).
716 With TLS Tickets: OK - Supported
717
718 * TLSV1_1 Cipher Suites:
719 Forward Secrecy OK - Supported
720 RC4 OK - Not Supported
721
722 Preferred:
723 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
724 Accepted:
725 TLS_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
726 TLS_RSA_WITH_IDEA_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
727 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
728 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
729 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
730 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
731 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
732 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
733 TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
734 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
735 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
736 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
737 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
738
739 * OpenSSL Heartbleed:
740 OK - Not vulnerable to Heartbleed
741
742 * Certificate Information:
743 Content
744 SHA1 Fingerprint: 9fa9150b737bba8bca3ee1d1abf25837ce5b5a51
745 Common Name: fg.gov.sa
746 Issuer: DigiCert SHA2 Secure Server CA
747 Serial Number: 11471772664309838778731472976579638061
748 Not Before: 2019-03-25 00:00:00
749 Not After: 2020-04-01 12:00:00
750 Signature Algorithm: sha256
751 Public Key Algorithm: RSA
752 Key Size: 2048
753 Exponent: 65537 (0x10001)
754 DNS Subject Alternative Names: ['fg.gov.sa', 'www.fg.gov.sa', 'mnmc.med.sa', 'www.mnmc.med.sa', 'jobs.fg.gov.sa']
755
756 Trust
757 Hostname Validation: FAILED - Certificate does NOT match 84.235.47.103
758 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
759 iOS CA Store (12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
760 Java CA Store (jdk-11.0.2): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
761 macOS CA Store (12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
762 Mozilla CA Store (2018-11-22): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
763 OPENJDK CA Store (jdk-11.0.2): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
764 Windows CA Store (2018-12-08): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
765 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
766 Received Chain: fg.gov.sa --> DigiCert SHA2 Extended Validation Server CA --> DigiCert SHA2 Extended Validation Server CA
767 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
768 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
769 Received Chain Order: OK - Order is valid
770 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
771
772 Extensions
773 OCSP Must-Staple: NOT SUPPORTED - Extension not found
774 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
775
776 OCSP Stapling
777 NOT SUPPORTED - Server did not send back an OCSP response
778
779 * ROBOT Attack:
780 OK - Not vulnerable
781
782 * Deflate Compression:
783 OK - Compression disabled
784
785 * TLSV1_2 Cipher Suites:
786 Forward Secrecy OK - Supported
787 RC4 OK - Not Supported
788
789 Preferred:
790 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 302 Found - /Arabic/
791 Accepted:
792 TLS_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
793 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 256 bits HTTP 302 Found - /Arabic/
794 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
795 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 128 bits HTTP 302 Found - /Arabic/
796 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
797 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 302 Found - /Arabic/
798 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 302 Found - /Arabic/
799 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
800 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 302 Found - /Arabic/
801 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 302 Found - /Arabic/
802 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
803 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits HTTP 302 Found - /Arabic/
804 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 256 bits HTTP 302 Found - /Arabic/
805 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 128 bits HTTP 302 Found - /Arabic/
806 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 302 Found - /Arabic/
807 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 302 Found - /Arabic/
808 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
809 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 302 Found - /Arabic/
810 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 302 Found - /Arabic/
811 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
812 TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
813 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits HTTP 302 Found - /Arabic/
814 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 256 bits HTTP 302 Found - /Arabic/
815 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
816 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 128 bits HTTP 302 Found - /Arabic/
817 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
818 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 302 Found - /Arabic/
819 TLS_DHE_RSA_WITH_AES_256_CCM 256 bits HTTP 302 Found - /Arabic/
820 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 302 Found - /Arabic/
821 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
822 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 302 Found - /Arabic/
823 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 302 Found - /Arabic/
824 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
825 RSA_WITH_AES_256_CCM_8 256 bits HTTP 302 Found - /Arabic/
826 RSA_WITH_AES_256_CCM 256 bits HTTP 302 Found - /Arabic/
827 RSA_WITH_AES_128_CCM_8 128 bits HTTP 302 Found - /Arabic/
828 RSA_WITH_AES_128_CCM 128 bits HTTP 302 Found - /Arabic/
829 DHE_RSA_WITH_AES_256_CCM_8 256 bits HTTP 302 Found - /Arabic/
830 DHE_RSA_WITH_AES_128_CCM_8 128 bits HTTP 302 Found - /Arabic/
831 DHE_RSA_WITH_AES_128_CCM 128 bits HTTP 302 Found - /Arabic/
832
833 * SSLV2 Cipher Suites:
834 Server rejected all cipher suites.
835
836 * Downgrade Attacks:
837 TLS_FALLBACK_SCSV: OK - Supported
838
839 * OpenSSL CCS Injection:
840 OK - Not vulnerable to OpenSSL CCS injection
841
842 * Session Renegotiation:
843 Client-initiated Renegotiation: OK - Rejected
844 Secure Renegotiation: OK - Supported
845
846 * SSLV3 Cipher Suites:
847 Server rejected all cipher suites.
848
849 * TLSV1_3 Cipher Suites:
850 Server rejected all cipher suites.
851
852 * TLSV1 Cipher Suites:
853 Forward Secrecy OK - Supported
854 RC4 OK - Not Supported
855
856 Preferred:
857 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
858 Accepted:
859 TLS_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
860 TLS_RSA_WITH_IDEA_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
861 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
862 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
863 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
864 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
865 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
866 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
867 TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
868 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
869 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
870 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
871 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
872
873
874 SCAN COMPLETED IN 16.51 S
875 -------------------------
876########################################################################################################################################
877
878
879
880 AVAILABLE PLUGINS
881 -----------------
882
883 OpenSslCipherSuitesPlugin
884 HeartbleedPlugin
885 RobotPlugin
886 CompressionPlugin
887 HttpHeadersPlugin
888 FallbackScsvPlugin
889 OpenSslCcsInjectionPlugin
890 SessionRenegotiationPlugin
891 EarlyDataPlugin
892 SessionResumptionPlugin
893 CertificateInfoPlugin
894
895
896
897 CHECKING HOST(S) AVAILABILITY
898 -----------------------------
899
900 87.101.230.92:443 => 87.101.230.92
901
902
903
904
905 SCAN RESULTS FOR 87.101.230.92:443 - 87.101.230.92
906 --------------------------------------------------
907
908 * ROBOT Attack:
909 OK - Not vulnerable
910
911 * TLSV1_1 Cipher Suites:
912 Forward Secrecy OK - Supported
913 RC4 OK - Not Supported
914
915 Preferred:
916 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
917 Accepted:
918 TLS_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
919 TLS_RSA_WITH_IDEA_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
920 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
921 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
922 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
923 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
924 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
925 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
926 TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
927 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
928 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
929 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
930 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
931
932 * OpenSSL Heartbleed:
933 OK - Not vulnerable to Heartbleed
934
935 * Certificate Information:
936 Content
937 SHA1 Fingerprint: 9fa9150b737bba8bca3ee1d1abf25837ce5b5a51
938 Common Name: fg.gov.sa
939 Issuer: DigiCert SHA2 Secure Server CA
940 Serial Number: 11471772664309838778731472976579638061
941 Not Before: 2019-03-25 00:00:00
942 Not After: 2020-04-01 12:00:00
943 Signature Algorithm: sha256
944 Public Key Algorithm: RSA
945 Key Size: 2048
946 Exponent: 65537 (0x10001)
947 DNS Subject Alternative Names: ['fg.gov.sa', 'www.fg.gov.sa', 'mnmc.med.sa', 'www.mnmc.med.sa', 'jobs.fg.gov.sa']
948
949 Trust
950 Hostname Validation: FAILED - Certificate does NOT match 87.101.230.92
951 Android CA Store (9.0.0_r9): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
952 iOS CA Store (12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
953 Java CA Store (jdk-11.0.2): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
954 macOS CA Store (12, macOS 10.14, watchOS 5, and tvOS 12):FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
955 Mozilla CA Store (2018-11-22): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
956 OPENJDK CA Store (jdk-11.0.2): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
957 Windows CA Store (2018-12-08): FAILED - Certificate is NOT Trusted: unable to get local issuer certificate
958 Symantec 2018 Deprecation: OK - Not a Symantec-issued certificate
959 Received Chain: fg.gov.sa --> DigiCert SHA2 Extended Validation Server CA --> DigiCert SHA2 Extended Validation Server CA
960 Verified Chain: ERROR - Could not build verified chain (certificate untrusted?)
961 Received Chain Contains Anchor: ERROR - Could not build verified chain (certificate untrusted?)
962 Received Chain Order: OK - Order is valid
963 Verified Chain contains SHA1: ERROR - Could not build verified chain (certificate untrusted?)
964
965 Extensions
966 OCSP Must-Staple: NOT SUPPORTED - Extension not found
967 Certificate Transparency: WARNING - Only 2 SCTs included but Google recommends 3 or more
968
969 OCSP Stapling
970 NOT SUPPORTED - Server did not send back an OCSP response
971
972 * TLS 1.2 Session Resumption Support:
973 With Session IDs: NOT SUPPORTED (0 successful, 5 failed, 0 errors, 5 total attempts).
974 With TLS Tickets: OK - Supported
975
976 * Deflate Compression:
977 OK - Compression disabled
978
979 * TLSV1_2 Cipher Suites:
980 Forward Secrecy OK - Supported
981 RC4 OK - Not Supported
982
983 Preferred:
984 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 302 Found - /Arabic/
985 Accepted:
986 TLS_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
987 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 256 bits HTTP 302 Found - /Arabic/
988 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
989 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 128 bits HTTP 302 Found - /Arabic/
990 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
991 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 302 Found - /Arabic/
992 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 302 Found - /Arabic/
993 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
994 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 302 Found - /Arabic/
995 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 302 Found - /Arabic/
996 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
997 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits HTTP 302 Found - /Arabic/
998 TLS_ECDHE_RSA_WITH_CAMELLIA_256_CBC_SHA384 256 bits HTTP 302 Found - /Arabic/
999 TLS_ECDHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 128 bits HTTP 302 Found - /Arabic/
1000 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 302 Found - /Arabic/
1001 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 302 Found - /Arabic/
1002 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
1003 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 302 Found - /Arabic/
1004 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 302 Found - /Arabic/
1005 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
1006 TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
1007 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 256 bits HTTP 302 Found - /Arabic/
1008 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 256 bits HTTP 302 Found - /Arabic/
1009 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
1010 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 128 bits HTTP 302 Found - /Arabic/
1011 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
1012 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 302 Found - /Arabic/
1013 TLS_DHE_RSA_WITH_AES_256_CCM 256 bits HTTP 302 Found - /Arabic/
1014 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 302 Found - /Arabic/
1015 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
1016 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 302 Found - /Arabic/
1017 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 302 Found - /Arabic/
1018 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
1019 RSA_WITH_AES_256_CCM_8 256 bits HTTP 302 Found - /Arabic/
1020 RSA_WITH_AES_256_CCM 256 bits HTTP 302 Found - /Arabic/
1021 RSA_WITH_AES_128_CCM_8 128 bits HTTP 302 Found - /Arabic/
1022 RSA_WITH_AES_128_CCM 128 bits HTTP 302 Found - /Arabic/
1023 DHE_RSA_WITH_AES_256_CCM_8 256 bits HTTP 302 Found - /Arabic/
1024 DHE_RSA_WITH_AES_128_CCM_8 128 bits HTTP 302 Found - /Arabic/
1025 DHE_RSA_WITH_AES_128_CCM 128 bits HTTP 302 Found - /Arabic/
1026
1027 * SSLV2 Cipher Suites:
1028 Server rejected all cipher suites.
1029
1030 * Downgrade Attacks:
1031 TLS_FALLBACK_SCSV: OK - Supported
1032
1033 * OpenSSL CCS Injection:
1034 OK - Not vulnerable to OpenSSL CCS injection
1035
1036 * Session Renegotiation:
1037 Client-initiated Renegotiation: OK - Rejected
1038 Secure Renegotiation: OK - Supported
1039
1040 * SSLV3 Cipher Suites:
1041 Server rejected all cipher suites.
1042
1043 * TLSV1 Cipher Suites:
1044 Forward Secrecy OK - Supported
1045 RC4 OK - Not Supported
1046
1047 Preferred:
1048 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
1049 Accepted:
1050 TLS_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
1051 TLS_RSA_WITH_IDEA_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
1052 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
1053 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
1054 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
1055 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
1056 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
1057 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
1058 TLS_DHE_RSA_WITH_SEED_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
1059 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
1060 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
1061 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 302 Found - /Arabic/
1062 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 302 Found - /Arabic/
1063
1064 * TLSV1_3 Cipher Suites:
1065 Server rejected all cipher suites.
1066
1067
1068 SCAN COMPLETED IN 18.26 S
1069 -------------------------
1070#######################################################################################################################################
1071
1072Domains still to check: 1
1073 Checking if the hostname fg.gov.sa. given is in fact a domain...
1074
1075Analyzing domain: fg.gov.sa.
1076 Checking NameServers using system default resolver...
1077 IP: 204.13.251.5 (United States)
1078 HostName: ns4.p05.dynect.net Type: NS
1079 HostName: ns4.p05.dynect.net Type: PTR
1080 IP: 208.78.70.5 (United States)
1081 HostName: ns1.p05.dynect.net Type: NS
1082 HostName: ns1.p05.dynect.net Type: PTR
1083 IP: 204.13.250.5 (United States)
1084 HostName: ns2.p05.dynect.net Type: NS
1085 HostName: ns2.p05.dynect.net Type: PTR
1086 IP: 208.78.71.5 (United States)
1087 HostName: ns3.p05.dynect.net Type: NS
1088 HostName: ns3.p05.dynect.net Type: PTR
1089
1090 Checking MailServers using system default resolver...
1091 IP: 84.235.47.101 (Saudi Arabia)
1092 HostName: mail.fg.gov.sa Type: MX
1093 HostName: mail.fg.gov.sa Type: PTR
1094 IP: 87.101.225.218 (Saudi Arabia)
1095 HostName: mail.fg.gov.sa Type: MX
1096 HostName: mail.fg.gov.sa Type: PTR
1097
1098 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
1099 No zone transfer found on nameserver 208.78.70.5
1100 No zone transfer found on nameserver 208.78.71.5
1101 No zone transfer found on nameserver 204.13.251.5
1102 No zone transfer found on nameserver 204.13.250.5
1103
1104 Checking SPF record...
1105
1106 Checking 192 most common hostnames using system default resolver...
1107 IP: 84.235.47.103 (Saudi Arabia)
1108 HostName: www.fg.gov.sa. Type: A
1109 IP: 87.101.230.92 (Saudi Arabia)
1110 HostName: www.fg.gov.sa. Type: A
1111 IP: 84.235.47.101 (Saudi Arabia)
1112 HostName: mail.fg.gov.sa Type: MX
1113 HostName: mail.fg.gov.sa Type: PTR
1114 Type: SPF
1115 HostName: mail.fg.gov.sa. Type: A
1116 IP: 87.101.225.218 (Saudi Arabia)
1117 HostName: mail.fg.gov.sa Type: MX
1118 HostName: mail.fg.gov.sa Type: PTR
1119 Type: SPF
1120 HostName: mail.fg.gov.sa. Type: A
1121
1122 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
1123 Checking netblock 208.78.70.0
1124 Checking netblock 87.101.230.0
1125 Checking netblock 208.78.71.0
1126 Checking netblock 204.13.251.0
1127 Checking netblock 87.101.225.0
1128 Checking netblock 84.235.47.0
1129 Checking netblock 204.13.250.0
1130
1131 Searching for fg.gov.sa. emails in Google
1132 info@fg.gov.sa&
1133
1134 Checking 8 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
1135 Host 208.78.70.5 is up (reset ttl 64)
1136 Host 87.101.230.92 is up (reset ttl 64)
1137 Host 208.78.71.5 is up (reset ttl 64)
1138 Host 204.13.251.5 is up (reset ttl 64)
1139 Host 87.101.225.218 is up (reset ttl 64)
1140 Host 84.235.47.103 is up (reset ttl 64)
1141 Host 84.235.47.101 is up (reset ttl 64)
1142 Host 204.13.250.5 is up (reset ttl 64)
1143
1144 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
1145 Scanning ip 208.78.70.5 (ns1.p05.dynect.net (PTR)):
1146 53/tcp open domain syn-ack ttl 51 (generic dns response: NOTIMP)
1147 | dns-nsid:
1148 |_ bind.version: 9.10.5-P3.
1149 Scanning ip 87.101.230.92 (www.fg.gov.sa.):
1150 80/tcp open http syn-ack ttl 44
1151 | fingerprint-strings:
1152 | FourOhFourRequest:
1153 | HTTP/1.0 301 Moved Permanently
1154 | Date: Mon, 12 Aug 2019 04:53:19 GMT
1155 | Location: https://192.168.192.151/nice%20ports%2C/Tri%6Eity.txt%2ebak
1156 | Content-Length: 98
1157 | Content-Type: text/html
1158 | <head><title>Object moved permanently</title></head><body><h1>Object Moved Permanently</h1></body>
1159 | GetRequest:
1160 | HTTP/1.0 301 Moved Permanently
1161 | Date: Mon, 12 Aug 2019 04:53:12 GMT
1162 | Location: https://192.168.192.151/
1163 | Content-Length: 98
1164 | Content-Type: text/html
1165 | <head><title>Object moved permanently</title></head><body><h1>Object Moved Permanently</h1></body>
1166 | HTTPOptions:
1167 | HTTP/1.0 301 Moved Permanently
1168 | Date: Mon, 12 Aug 2019 04:53:13 GMT
1169 | Location: https://192.168.192.151/
1170 | Content-Length: 98
1171 | Content-Type: text/html
1172 |_ <head><title>Object moved permanently</title></head><body><h1>Object Moved Permanently</h1></body>
1173 |_http-title: The URL you requested has been blocked
1174 443/tcp open ssl/http syn-ack ttl 43 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1175 |_http-server-header: XXXXXXXXXXXXXXXXXX
1176 |_http-title: The URL you requested has been blocked
1177 | ssl-cert: Subject: commonName=fg.gov.sa/organizationName=General Directorate of Border Guards/countryName=SA
1178 | Subject Alternative Name: DNS:fg.gov.sa, DNS:www.fg.gov.sa, DNS:mnmc.med.sa, DNS:www.mnmc.med.sa, DNS:jobs.fg.gov.sa
1179 | Issuer: commonName=DigiCert SHA2 Secure Server CA/organizationName=DigiCert Inc/countryName=US
1180 | Public Key type: rsa
1181 | Public Key bits: 2048
1182 | Signature Algorithm: sha256WithRSAEncryption
1183 | Not valid before: 2019-03-25T00:00:00
1184 | Not valid after: 2020-04-01T12:00:00
1185 | MD5: 8f5b 6b39 f23c 8010 248a 7b1e 1b6d 1896
1186 |_SHA-1: 9fa9 150b 737b ba8b ca3e e1d1 abf2 5837 ce5b 5a51
1187 |_ssl-date: 2019-08-12T04:54:26+00:00; -48s from scanner time.
1188 | tls-alpn:
1189 |_ http/1.1
1190 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1191 Scanning ip 208.78.71.5 (ns3.p05.dynect.net (PTR)):
1192 53/tcp open domain syn-ack ttl 50 (generic dns response: NOTIMP)
1193 | dns-nsid:
1194 |_ bind.version: 9.10.5-P3.
1195 Scanning ip 204.13.251.5 (ns4.p05.dynect.net (PTR)):
1196 53/tcp open domain syn-ack ttl 50 ISC BIND 9.10.5-P3.
1197 | dns-nsid:
1198 |_ bind.version: 9.10.5-P3.
1199 Scanning ip 87.101.225.218 (mail.fg.gov.sa.):
1200 80/tcp open http syn-ack ttl 43
1201 | fingerprint-strings:
1202 | FourOhFourRequest:
1203 | HTTP/1.1 302 Found
1204 | Location: https:///nice%20ports%2C/Tri%6Eity.txt%2ebak
1205 | Connection: close
1206 | Set-Cookie: cookiesession1=4F9A5824RL95YOGEPK4PAUFTQJFV31F9;Path=/;HttpOnly
1207 | GetRequest:
1208 | HTTP/1.1 302 Found
1209 | Location: https:///
1210 | Connection: close
1211 | Set-Cookie: cookiesession1=4F9A5824KIUVH38OHT2OBYA0KBC44F28;Path=/;HttpOnly
1212 | HTTPOptions:
1213 | HTTP/1.1 302 Found
1214 | Location: https:///
1215 | Connection: close
1216 |_ Set-Cookie: cookiesession1=4F9A5824X8O1YAD9UUWFDR6KRLNM7FA7;Path=/;HttpOnly
1217 | http-methods:
1218 |_ Supported Methods: GET HEAD POST OPTIONS
1219 |_http-title: Did not follow redirect to https://87.101.225.218/
1220 443/tcp open ssl/http syn-ack ttl 43 Microsoft IIS httpd 8.5
1221 |_http-favicon: Unknown favicon MD5: E40DE59DC9B574F85EDF5501B6833311
1222 | http-methods:
1223 |_ Supported Methods: GET HEAD POST OPTIONS
1224 |_http-server-header: Microsoft-IIS/8.5
1225 | http-title: Outlook Web App
1226 |_Requested resource was https://87.101.225.218/owa/auth/logon.aspx?url=https%3a%2f%2f87.101.225.218%2fowa%2f&reason=0
1227 | ssl-cert: Subject: commonName=mail.fg.gov.sa/organizationName=General Directorate of Border Guards/countryName=SA
1228 | Subject Alternative Name: DNS:mail.fg.gov.sa, DNS:autodiscover.fg.gov.sa, DNS:legacy.fg.gov.sa
1229 | Issuer: commonName=DigiCert SHA2 Secure Server CA/organizationName=DigiCert Inc/countryName=US
1230 | Public Key type: rsa
1231 | Public Key bits: 2048
1232 | Signature Algorithm: sha256WithRSAEncryption
1233 | Not valid before: 2019-02-21T00:00:00
1234 | Not valid after: 2021-02-25T12:00:00
1235 | MD5: 20be 26ed d798 9ed4 d313 a799 476d 00aa
1236 |_SHA-1: b31f 6910 b709 b1ee 1676 af44 2ce1 6224 6412 6468
1237 |_ssl-date: 2019-08-12T04:57:34+00:00; -48s from scanner time.
1238 | tls-alpn:
1239 |_ http/1.1
1240 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1241 Scanning ip 84.235.47.103 (www.fg.gov.sa.):
1242 80/tcp open http syn-ack ttl 49
1243 | fingerprint-strings:
1244 | FourOhFourRequest:
1245 | HTTP/1.0 301 Moved Permanently
1246 | Date: Mon, 12 Aug 2019 04:58:53 GMT
1247 | Location: https://192.168.192.151/nice%20ports%2C/Tri%6Eity.txt%2ebak
1248 | Content-Length: 98
1249 | Content-Type: text/html
1250 | <head><title>Object moved permanently</title></head><body><h1>Object Moved Permanently</h1></body>
1251 | GetRequest:
1252 | HTTP/1.0 301 Moved Permanently
1253 | Date: Mon, 12 Aug 2019 04:58:46 GMT
1254 | Location: https://192.168.192.151/
1255 | Content-Length: 98
1256 | Content-Type: text/html
1257 | <head><title>Object moved permanently</title></head><body><h1>Object Moved Permanently</h1></body>
1258 | HTTPOptions:
1259 | HTTP/1.0 301 Moved Permanently
1260 | Date: Mon, 12 Aug 2019 04:58:47 GMT
1261 | Location: https://192.168.192.151/
1262 | Content-Length: 98
1263 | Content-Type: text/html
1264 |_ <head><title>Object moved permanently</title></head><body><h1>Object Moved Permanently</h1></body>
1265 |_http-title: The URL you requested has been blocked
1266 443/tcp open ssl/http syn-ack ttl 48 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1267 |_http-server-header: XXXXXXXXXXXXXXXXXX
1268 |_http-title: The URL you requested has been blocked
1269 | ssl-cert: Subject: commonName=fg.gov.sa/organizationName=General Directorate of Border Guards/countryName=SA
1270 | Subject Alternative Name: DNS:fg.gov.sa, DNS:www.fg.gov.sa, DNS:mnmc.med.sa, DNS:www.mnmc.med.sa, DNS:jobs.fg.gov.sa
1271 | Issuer: commonName=DigiCert SHA2 Secure Server CA/organizationName=DigiCert Inc/countryName=US
1272 | Public Key type: rsa
1273 | Public Key bits: 2048
1274 | Signature Algorithm: sha256WithRSAEncryption
1275 | Not valid before: 2019-03-25T00:00:00
1276 | Not valid after: 2020-04-01T12:00:00
1277 | MD5: 8f5b 6b39 f23c 8010 248a 7b1e 1b6d 1896
1278 |_SHA-1: 9fa9 150b 737b ba8b ca3e e1d1 abf2 5837 ce5b 5a51
1279 |_ssl-date: 2019-08-12T04:59:58+00:00; -49s from scanner time.
1280 | tls-alpn:
1281 |_ http/1.1
1282 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1283 Scanning ip 84.235.47.101 (mail.fg.gov.sa.):
1284 80/tcp open http syn-ack ttl 48
1285 | fingerprint-strings:
1286 | FourOhFourRequest:
1287 | HTTP/1.1 302 Found
1288 | Location: https:///nice%20ports%2C/Tri%6Eity.txt%2ebak
1289 | Connection: close
1290 | Set-Cookie: cookiesession1=4F9A58249JF01SEVSHYEVXUH81SD47AB;Path=/;HttpOnly
1291 | GetRequest:
1292 | HTTP/1.1 302 Found
1293 | Location: https:///
1294 | Connection: close
1295 | Set-Cookie: cookiesession1=4F9A58242KYBOFRY2PL3D2B2S4DL1639;Path=/;HttpOnly
1296 | HTTPOptions:
1297 | HTTP/1.1 302 Found
1298 | Location: https:///
1299 | Connection: close
1300 |_ Set-Cookie: cookiesession1=4F9A5824QI7Q6FUPYFUWKRXIHRK3BFF4;Path=/;HttpOnly
1301 | http-methods:
1302 |_ Supported Methods: GET HEAD POST OPTIONS
1303 |_http-title: Did not follow redirect to https://84.235.47.101/
1304 443/tcp open ssl/http syn-ack ttl 48 Microsoft IIS httpd 8.5
1305 |_http-favicon: Unknown favicon MD5: 3087A978D03C8559D73BABB607161A19
1306 | http-methods:
1307 |_ Supported Methods: GET HEAD POST OPTIONS
1308 |_http-server-header: Microsoft-IIS/8.5
1309 | http-title: Outlook Web App
1310 |_Requested resource was https://84.235.47.101/owa/auth/logon.aspx?url=https%3a%2f%2f84.235.47.101%2fowa%2f&reason=0
1311 | ssl-cert: Subject: commonName=mail.fg.gov.sa/organizationName=General Directorate of Border Guards/countryName=SA
1312 | Subject Alternative Name: DNS:mail.fg.gov.sa, DNS:autodiscover.fg.gov.sa, DNS:legacy.fg.gov.sa
1313 | Issuer: commonName=DigiCert SHA2 Secure Server CA/organizationName=DigiCert Inc/countryName=US
1314 | Public Key type: rsa
1315 | Public Key bits: 2048
1316 | Signature Algorithm: sha256WithRSAEncryption
1317 | Not valid before: 2019-02-21T00:00:00
1318 | Not valid after: 2021-02-25T12:00:00
1319 | MD5: 20be 26ed d798 9ed4 d313 a799 476d 00aa
1320 |_SHA-1: b31f 6910 b709 b1ee 1676 af44 2ce1 6224 6412 6468
1321 |_ssl-date: 2019-08-12T05:02:33+00:00; -49s from scanner time.
1322 | tls-alpn:
1323 |_ http/1.1
1324 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1325 Scanning ip 204.13.250.5 (ns2.p05.dynect.net (PTR)):
1326 53/tcp open domain syn-ack ttl 52 (generic dns response: NOTIMP)
1327 | dns-nsid:
1328 |_ bind.version: 9.10.5-P3.
1329 WebCrawling domain's web servers... up to 50 max links.
1330
1331 + URL to crawl: http://www.fg.gov.sa.
1332 + Date: 2019-08-12
1333
1334 + Crawling URL: http://www.fg.gov.sa.:
1335 + Links:
1336 + Crawling http://www.fg.gov.sa. (timed out)
1337 + Searching for directories...
1338 + Searching open folders...
1339
1340
1341 + URL to crawl: https://www.fg.gov.sa.
1342 + Date: 2019-08-12
1343
1344 + Crawling URL: https://www.fg.gov.sa.:
1345 + Links:
1346 + Crawling https://www.fg.gov.sa. (timed out)
1347 + Searching for directories...
1348 + Searching open folders...
1349
1350
1351 + URL to crawl: http://mail.fg.gov.sa
1352 + Date: 2019-08-12
1353
1354 + Crawling URL: http://mail.fg.gov.sa:
1355 + Links:
1356 + Crawling http://mail.fg.gov.sa
1357 + Searching for directories...
1358 - Found: http://mail.fg.gov.sa/owa/
1359 - Found: http://mail.fg.gov.sa/owa/auth/
1360 - Found: http://mail.fg.gov.sa/owa/auth/15.0.1178/
1361 - Found: http://mail.fg.gov.sa/owa/auth/15.0.1178/themes/
1362 - Found: http://mail.fg.gov.sa/owa/auth/15.0.1178/themes/resources/
1363 + Searching open folders...
1364 - http://mail.fg.gov.sa/owa/ (No Open Folder)
1365 - http://mail.fg.gov.sa/owa/auth/ (403 Forbidden)
1366 - http://mail.fg.gov.sa/owa/auth/15.0.1178/ (403 Forbidden)
1367 - http://mail.fg.gov.sa/owa/auth/15.0.1178/themes/ (403 Forbidden)
1368 - http://mail.fg.gov.sa/owa/auth/15.0.1178/themes/resources/ (403 Forbidden)
1369
1370
1371 + URL to crawl: http://mail.fg.gov.sa.
1372 + Date: 2019-08-12
1373
1374 + Crawling URL: http://mail.fg.gov.sa.:
1375 + Links:
1376 + Crawling http://mail.fg.gov.sa.
1377 + Searching for directories...
1378 + Searching open folders...
1379
1380
1381 + URL to crawl: https://mail.fg.gov.sa
1382 + Date: 2019-08-12
1383
1384 + Crawling URL: https://mail.fg.gov.sa:
1385 + Links:
1386 + Crawling https://mail.fg.gov.sa
1387 + Searching for directories...
1388 - Found: https://mail.fg.gov.sa/owa/
1389 - Found: https://mail.fg.gov.sa/owa/auth/
1390 - Found: https://mail.fg.gov.sa/owa/auth/15.0.1178/
1391 - Found: https://mail.fg.gov.sa/owa/auth/15.0.1178/themes/
1392 - Found: https://mail.fg.gov.sa/owa/auth/15.0.1178/themes/resources/
1393 + Searching open folders...
1394 - https://mail.fg.gov.sa/owa/ (No Open Folder)
1395 - https://mail.fg.gov.sa/owa/auth/ (403 Forbidden)
1396 - https://mail.fg.gov.sa/owa/auth/15.0.1178/ (403 Forbidden)
1397 - https://mail.fg.gov.sa/owa/auth/15.0.1178/themes/ (403 Forbidden)
1398 - https://mail.fg.gov.sa/owa/auth/15.0.1178/themes/resources/ (403 Forbidden)
1399
1400
1401 + URL to crawl: https://mail.fg.gov.sa.
1402 + Date: 2019-08-12
1403
1404 + Crawling URL: https://mail.fg.gov.sa.:
1405 + Links:
1406 + Crawling https://mail.fg.gov.sa.
1407 + Searching for directories...
1408 + Searching open folders...
1409
1410
1411 + URL to crawl: http://www.fg.gov.sa.
1412 + Date: 2019-08-12
1413
1414 + Crawling URL: http://www.fg.gov.sa.:
1415 + Links:
1416 + Crawling http://www.fg.gov.sa. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
1417 + Searching for directories...
1418 + Searching open folders...
1419
1420
1421 + URL to crawl: https://www.fg.gov.sa.
1422 + Date: 2019-08-12
1423
1424 + Crawling URL: https://www.fg.gov.sa.:
1425 + Links:
1426 + Crawling https://www.fg.gov.sa. ([SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:727))
1427 + Searching for directories...
1428 + Searching open folders...
1429
1430
1490--Finished--
1491Summary information for domain fg.gov.sa.
1492-----------------------------------------
1493 Domain Specific Information:
1494 Email: info@fg.gov.sa&
1495
1496 Domain Ips Information:
1497 IP: 208.78.70.5
1498 HostName: ns1.p05.dynect.net Type: NS
1499 HostName: ns1.p05.dynect.net Type: PTR
1500 Country: United States
1501 Is Active: True (reset ttl 64)
1502 Port: 53/tcp open domain syn-ack ttl 51 (generic dns response: NOTIMP)
1503 Script Info: | dns-nsid:
1504 Script Info: |_ bind.version: 9.10.5-P3.
1505 IP: 87.101.230.92
1506 HostName: www.fg.gov.sa. Type: A
1507 Country: Saudi Arabia
1508 Is Active: True (reset ttl 64)
1509 Port: 80/tcp open http syn-ack ttl 44
1510 Script Info: | fingerprint-strings:
1511 Script Info: | FourOhFourRequest:
1512 Script Info: | HTTP/1.0 301 Moved Permanently
1513 Script Info: | Date: Mon, 12 Aug 2019 04:53:19 GMT
1514 Script Info: | Location: https://192.168.192.151/nice%20ports%2C/Tri%6Eity.txt%2ebak
1515 Script Info: | Content-Length: 98
1516 Script Info: | Content-Type: text/html
1517 Script Info: | <head><title>Object moved permanently</title></head><body><h1>Object Moved Permanently</h1></body>
1518 Script Info: | GetRequest:
1519 Script Info: | HTTP/1.0 301 Moved Permanently
1520 Script Info: | Date: Mon, 12 Aug 2019 04:53:12 GMT
1521 Script Info: | Location: https://192.168.192.151/
1522 Script Info: | Content-Length: 98
1523 Script Info: | Content-Type: text/html
1524 Script Info: | <head><title>Object moved permanently</title></head><body><h1>Object Moved Permanently</h1></body>
1525 Script Info: | HTTPOptions:
1526 Script Info: | HTTP/1.0 301 Moved Permanently
1527 Script Info: | Date: Mon, 12 Aug 2019 04:53:13 GMT
1528 Script Info: | Location: https://192.168.192.151/
1529 Script Info: | Content-Length: 98
1530 Script Info: | Content-Type: text/html
1531 Script Info: |_ <head><title>Object moved permanently</title></head><body><h1>Object Moved Permanently</h1></body>
1532 Script Info: |_http-title: The URL you requested has been blocked
1533 Port: 443/tcp open ssl/http syn-ack ttl 43 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1534 Script Info: |_http-server-header: XXXXXXXXXXXXXXXXXX
1535 Script Info: |_http-title: The URL you requested has been blocked
1536 Script Info: | ssl-cert: Subject: commonName=fg.gov.sa/organizationName=General Directorate of Border Guards/countryName=SA
1537 Script Info: | Subject Alternative Name: DNS:fg.gov.sa, DNS:www.fg.gov.sa, DNS:mnmc.med.sa, DNS:www.mnmc.med.sa, DNS:jobs.fg.gov.sa
1538 Script Info: | Issuer: commonName=DigiCert SHA2 Secure Server CA/organizationName=DigiCert Inc/countryName=US
1539 Script Info: | Public Key type: rsa
1540 Script Info: | Public Key bits: 2048
1541 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1542 Script Info: | Not valid before: 2019-03-25T00:00:00
1543 Script Info: | Not valid after: 2020-04-01T12:00:00
1544 Script Info: | MD5: 8f5b 6b39 f23c 8010 248a 7b1e 1b6d 1896
1545 Script Info: |_SHA-1: 9fa9 150b 737b ba8b ca3e e1d1 abf2 5837 ce5b 5a51
1546 Script Info: |_ssl-date: 2019-08-12T04:54:26+00:00; -48s from scanner time.
1547 Script Info: | tls-alpn:
1548 Script Info: |_ http/1.1
1549 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1550 IP: 208.78.71.5
1551 HostName: ns3.p05.dynect.net Type: NS
1552 HostName: ns3.p05.dynect.net Type: PTR
1553 Country: United States
1554 Is Active: True (reset ttl 64)
1555 Port: 53/tcp open domain syn-ack ttl 50 (generic dns response: NOTIMP)
1556 Script Info: | dns-nsid:
1557 Script Info: |_ bind.version: 9.10.5-P3.
1558 IP: 204.13.251.5
1559 HostName: ns4.p05.dynect.net Type: NS
1560 HostName: ns4.p05.dynect.net Type: PTR
1561 Country: United States
1562 Is Active: True (reset ttl 64)
1563 Port: 53/tcp open domain syn-ack ttl 50 ISC BIND 9.10.5-P3.
1564 Script Info: | dns-nsid:
1565 Script Info: |_ bind.version: 9.10.5-P3.
1566 IP: 87.101.225.218
1567 HostName: mail.fg.gov.sa Type: MX
1568 HostName: mail.fg.gov.sa Type: PTR
1569 Type: SPF
1570 HostName: mail.fg.gov.sa. Type: A
1571 Country: Saudi Arabia
1572 Is Active: True (reset ttl 64)
1573 Port: 80/tcp open http syn-ack ttl 43
1574 Script Info: | fingerprint-strings:
1575 Script Info: | FourOhFourRequest:
1576 Script Info: | HTTP/1.1 302 Found
1577 Script Info: | Location: https:///nice%20ports%2C/Tri%6Eity.txt%2ebak
1578 Script Info: | Connection: close
1579 Script Info: | Set-Cookie: cookiesession1=4F9A5824RL95YOGEPK4PAUFTQJFV31F9;Path=/;HttpOnly
1580 Script Info: | GetRequest:
1581 Script Info: | HTTP/1.1 302 Found
1582 Script Info: | Location: https:///
1583 Script Info: | Connection: close
1584 Script Info: | Set-Cookie: cookiesession1=4F9A5824KIUVH38OHT2OBYA0KBC44F28;Path=/;HttpOnly
1585 Script Info: | HTTPOptions:
1586 Script Info: | HTTP/1.1 302 Found
1587 Script Info: | Location: https:///
1588 Script Info: | Connection: close
1589 Script Info: |_ Set-Cookie: cookiesession1=4F9A5824X8O1YAD9UUWFDR6KRLNM7FA7;Path=/;HttpOnly
1590 Script Info: | http-methods:
1591 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1592 Script Info: |_http-title: Did not follow redirect to https://87.101.225.218/
1593 Port: 443/tcp open ssl/http syn-ack ttl 43 Microsoft IIS httpd 8.5
1594 Script Info: |_http-favicon: Unknown favicon MD5: E40DE59DC9B574F85EDF5501B6833311
1595 Script Info: | http-methods:
1596 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1597 Script Info: |_http-server-header: Microsoft-IIS/8.5
1598 Script Info: | http-title: Outlook Web App
1599 Script Info: |_Requested resource was https://87.101.225.218/owa/auth/logon.aspx?url=https%3a%2f%2f87.101.225.218%2fowa%2f&reason=0
1600 Script Info: | ssl-cert: Subject: commonName=mail.fg.gov.sa/organizationName=General Directorate of Border Guards/countryName=SA
1601 Script Info: | Subject Alternative Name: DNS:mail.fg.gov.sa, DNS:autodiscover.fg.gov.sa, DNS:legacy.fg.gov.sa
1602 Script Info: | Issuer: commonName=DigiCert SHA2 Secure Server CA/organizationName=DigiCert Inc/countryName=US
1603 Script Info: | Public Key type: rsa
1604 Script Info: | Public Key bits: 2048
1605 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1606 Script Info: | Not valid before: 2019-02-21T00:00:00
1607 Script Info: | Not valid after: 2021-02-25T12:00:00
1608 Script Info: | MD5: 20be 26ed d798 9ed4 d313 a799 476d 00aa
1609 Script Info: |_SHA-1: b31f 6910 b709 b1ee 1676 af44 2ce1 6224 6412 6468
1610 Script Info: |_ssl-date: 2019-08-12T04:57:34+00:00; -48s from scanner time.
1611 Script Info: | tls-alpn:
1612 Script Info: |_ http/1.1
1613 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1614 IP: 84.235.47.103
1615 HostName: www.fg.gov.sa. Type: A
1616 Country: Saudi Arabia
1617 Is Active: True (reset ttl 64)
1618 Port: 80/tcp open http syn-ack ttl 49
1619 Script Info: | fingerprint-strings:
1620 Script Info: | FourOhFourRequest:
1621 Script Info: | HTTP/1.0 301 Moved Permanently
1622 Script Info: | Date: Mon, 12 Aug 2019 04:58:53 GMT
1623 Script Info: | Location: https://192.168.192.151/nice%20ports%2C/Tri%6Eity.txt%2ebak
1624 Script Info: | Content-Length: 98
1625 Script Info: | Content-Type: text/html
1626 Script Info: | <head><title>Object moved permanently</title></head><body><h1>Object Moved Permanently</h1></body>
1627 Script Info: | GetRequest:
1628 Script Info: | HTTP/1.0 301 Moved Permanently
1629 Script Info: | Date: Mon, 12 Aug 2019 04:58:46 GMT
1630 Script Info: | Location: https://192.168.192.151/
1631 Script Info: | Content-Length: 98
1632 Script Info: | Content-Type: text/html
1633 Script Info: | <head><title>Object moved permanently</title></head><body><h1>Object Moved Permanently</h1></body>
1634 Script Info: | HTTPOptions:
1635 Script Info: | HTTP/1.0 301 Moved Permanently
1636 Script Info: | Date: Mon, 12 Aug 2019 04:58:47 GMT
1637 Script Info: | Location: https://192.168.192.151/
1638 Script Info: | Content-Length: 98
1639 Script Info: | Content-Type: text/html
1640 Script Info: |_ <head><title>Object moved permanently</title></head><body><h1>Object Moved Permanently</h1></body>
1641 Script Info: |_http-title: The URL you requested has been blocked
1642 Port: 443/tcp open ssl/http syn-ack ttl 48 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1643 Script Info: |_http-server-header: XXXXXXXXXXXXXXXXXX
1644 Script Info: |_http-title: The URL you requested has been blocked
1645 Script Info: | ssl-cert: Subject: commonName=fg.gov.sa/organizationName=General Directorate of Border Guards/countryName=SA
1646 Script Info: | Subject Alternative Name: DNS:fg.gov.sa, DNS:www.fg.gov.sa, DNS:mnmc.med.sa, DNS:www.mnmc.med.sa, DNS:jobs.fg.gov.sa
1647 Script Info: | Issuer: commonName=DigiCert SHA2 Secure Server CA/organizationName=DigiCert Inc/countryName=US
1648 Script Info: | Public Key type: rsa
1649 Script Info: | Public Key bits: 2048
1650 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1651 Script Info: | Not valid before: 2019-03-25T00:00:00
1652 Script Info: | Not valid after: 2020-04-01T12:00:00
1653 Script Info: | MD5: 8f5b 6b39 f23c 8010 248a 7b1e 1b6d 1896
1654 Script Info: |_SHA-1: 9fa9 150b 737b ba8b ca3e e1d1 abf2 5837 ce5b 5a51
1655 Script Info: |_ssl-date: 2019-08-12T04:59:58+00:00; -49s from scanner time.
1656 Script Info: | tls-alpn:
1657 Script Info: |_ http/1.1
1658 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1659 IP: 84.235.47.101
1660 HostName: mail.fg.gov.sa Type: MX
1661 HostName: mail.fg.gov.sa Type: PTR
1662 Type: SPF
1663 HostName: mail.fg.gov.sa. Type: A
1664 Country: Saudi Arabia
1665 Is Active: True (reset ttl 64)
1666 Port: 80/tcp open http syn-ack ttl 48
1667 Script Info: | fingerprint-strings:
1668 Script Info: | FourOhFourRequest:
1669 Script Info: | HTTP/1.1 302 Found
1670 Script Info: | Location: https:///nice%20ports%2C/Tri%6Eity.txt%2ebak
1671 Script Info: | Connection: close
1672 Script Info: | Set-Cookie: cookiesession1=4F9A58249JF01SEVSHYEVXUH81SD47AB;Path=/;HttpOnly
1673 Script Info: | GetRequest:
1674 Script Info: | HTTP/1.1 302 Found
1675 Script Info: | Location: https:///
1676 Script Info: | Connection: close
1677 Script Info: | Set-Cookie: cookiesession1=4F9A58242KYBOFRY2PL3D2B2S4DL1639;Path=/;HttpOnly
1678 Script Info: | HTTPOptions:
1679 Script Info: | HTTP/1.1 302 Found
1680 Script Info: | Location: https:///
1681 Script Info: | Connection: close
1682 Script Info: |_ Set-Cookie: cookiesession1=4F9A5824QI7Q6FUPYFUWKRXIHRK3BFF4;Path=/;HttpOnly
1683 Script Info: | http-methods:
1684 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1685 Script Info: |_http-title: Did not follow redirect to https://84.235.47.101/
1686 Port: 443/tcp open ssl/http syn-ack ttl 48 Microsoft IIS httpd 8.5
1687 Script Info: |_http-favicon: Unknown favicon MD5: 3087A978D03C8559D73BABB607161A19
1688 Script Info: | http-methods:
1689 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1690 Script Info: |_http-server-header: Microsoft-IIS/8.5
1691 Script Info: | http-title: Outlook Web App
1692 Script Info: |_Requested resource was https://84.235.47.101/owa/auth/logon.aspx?url=https%3a%2f%2f84.235.47.101%2fowa%2f&reason=0
1693 Script Info: | ssl-cert: Subject: commonName=mail.fg.gov.sa/organizationName=General Directorate of Border Guards/countryName=SA
1694 Script Info: | Subject Alternative Name: DNS:mail.fg.gov.sa, DNS:autodiscover.fg.gov.sa, DNS:legacy.fg.gov.sa
1695 Script Info: | Issuer: commonName=DigiCert SHA2 Secure Server CA/organizationName=DigiCert Inc/countryName=US
1696 Script Info: | Public Key type: rsa
1697 Script Info: | Public Key bits: 2048
1698 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1699 Script Info: | Not valid before: 2019-02-21T00:00:00
1700 Script Info: | Not valid after: 2021-02-25T12:00:00
1701 Script Info: | MD5: 20be 26ed d798 9ed4 d313 a799 476d 00aa
1702 Script Info: |_SHA-1: b31f 6910 b709 b1ee 1676 af44 2ce1 6224 6412 6468
1703 Script Info: |_ssl-date: 2019-08-12T05:02:33+00:00; -49s from scanner time.
1704 Script Info: | tls-alpn:
1705 Script Info: |_ http/1.1
1706 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1707 IP: 204.13.250.5
1708 HostName: ns2.p05.dynect.net Type: NS
1709 HostName: ns2.p05.dynect.net Type: PTR
1710 Country: United States
1711 Is Active: True (reset ttl 64)
1712 Port: 53/tcp open domain syn-ack ttl 52 (generic dns response: NOTIMP)
1713 Script Info: | dns-nsid:
1714 Script Info: |_ bind.version: 9.10.5-P3.
1715#######################################################################################################################################
1716Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-12 00:42 EDT
1717Nmap scan report for fg.gov.sa (84.235.47.103)
1718Host is up (0.17s latency).
1719Not shown: 477 filtered ports, 4 closed ports
1720Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
1721PORT STATE SERVICE
1722 80/tcp open http
1723 443/tcp open https
1724#######################################################################################################################################
1725Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-12 00:42 EDT
1726Nmap scan report for fg.gov.sa (84.235.47.103)
1727Host is up (0.068s latency).
1728Not shown: 2 filtered ports, 1 closed port
1729PORT STATE SERVICE
1730 53/udp open|filtered domain
1731 67/udp open|filtered dhcps
1732 68/udp open|filtered dhcpc
1733 69/udp open|filtered tftp
1734 88/udp open|filtered kerberos-sec
1735 123/udp open|filtered ntp
1736 139/udp open|filtered netbios-ssn
1737 161/udp open|filtered snmp
1738 162/udp open|filtered snmptrap
1739 389/udp open|filtered ldap
1740 500/udp open|filtered isakmp
1741 2049/udp open|filtered nfs
1742#######################################################################################################################################
1743Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-12 00:42 EDT
1744NSE: Loaded 162 scripts for scanning.
1745NSE: Script Pre-scanning.
1746Initiating NSE at 00:42
1747Completed NSE at 00:42, 0.00s elapsed
1748Initiating NSE at 00:42
1749Completed NSE at 00:42, 0.00s elapsed
1750Initiating Parallel DNS resolution of 1 host. at 00:42
1751Completed Parallel DNS resolution of 1 host. at 00:42, 0.02s elapsed
1752Initiating SYN Stealth Scan at 00:42
1753Scanning fg.gov.sa (84.235.47.103) [1 port]
1754Discovered open port 80/tcp on 84.235.47.103
1755Completed SYN Stealth Scan at 00:42, 0.24s elapsed (1 total ports)
1756Initiating Service scan at 00:42
1757Scanning 1 service on fg.gov.sa (84.235.47.103)
1758Completed Service scan at 00:44, 125.44s elapsed (1 service on 1 host)
1759Initiating OS detection (try #1) against fg.gov.sa (84.235.47.103)
1760Retrying OS detection (try #2) against fg.gov.sa (84.235.47.103)
1761Initiating Traceroute at 00:44
1762Completed Traceroute at 00:44, 3.08s elapsed
1763Initiating Parallel DNS resolution of 16 hosts. at 00:44
1764Completed Parallel DNS resolution of 16 hosts. at 00:44, 0.33s elapsed
1765NSE: Script scanning 84.235.47.103.
1766Initiating NSE at 00:44
1767Completed NSE at 00:48, 204.47s elapsed
1768Initiating NSE at 00:48
1769Completed NSE at 00:48, 1.01s elapsed
1770Nmap scan report for fg.gov.sa (84.235.47.103)
1771Host is up (0.20s latency).
1772
1773PORT STATE SERVICE VERSION
1774 80/tcp open http
1775| fingerprint-strings:
1776| FourOhFourRequest:
1777| HTTP/1.0 301 Moved Permanently
1778| Date: Mon, 12 Aug 2019 04:42:52 GMT
1779| Location: https://192.168.192.151/nice%20ports%2C/Tri%6Eity.txt%2ebak
1780| Content-Length: 98
1781| Content-Type: text/html
1782| <head><title>Object moved permanently</title></head><body><h1>Object Moved Permanently</h1></body>
1783| GetRequest, HTTPOptions:
1784| HTTP/1.0 301 Moved Permanently
1785| Date: Mon, 12 Aug 2019 04:42:46 GMT
1786| Location: https://192.168.192.151/
1787| Content-Length: 98
1788| Content-Type: text/html
1789|_ <head><title>Object moved permanently</title></head><body><h1>Object Moved Permanently</h1></body>
1790| http-aspnet-debug:
1791|_ status: DEBUG is enabled
1792| http-brute:
1793|_ Path "/" does not require authentication
1794|_http-chrono: Request times for /; avg: 1236.14ms; min: 1065.88ms; max: 1876.67ms
1795|_http-csrf: Couldn't find any CSRF vulnerabilities.
1796|_http-date: Mon, 12 Aug 2019 04:44:57 GMT; +5s from local time.
1797|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
1798|_http-dombased-xss: Couldn't find any DOM based XSS.
1799|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
1800| http-errors:
1801| Spidering limited to: maxpagecount=40; withinhost=fg.gov.sa
1802| Found the following error pages:
1803|
1804| Error Code: 500
1805|_ http://fg.gov.sa:80/
1806|_http-feed: Couldn't find any feeds.
1807|_http-fetch: Please enter the complete path of the directory to save data in.
1808| http-grep:
1809| (1) http://fg.gov.sa:80/:
1810| (1) ip:
1811|_ + 104.245.145.181
1812| http-headers:
1813| Date: Mon, 12 Aug 2019 04:45:07 GMT
1814| Content-Length: 38589
1815| Content-Type: text/html
1816|
1817|_ (Request type: GET)
1818| http-internal-ip-disclosure:
1819|_ Internal IP Leaked: 192.168.192.151
1820|_http-jsonp-detection: Couldn't find any JSONP endpoints.
1821|_http-mobileversion-checker: No mobile version detected.
1822|_http-security-headers:
1823| http-sitemap-generator:
1824| Directory structure:
1825| Longest directory structure:
1826| Depth: 0
1827| Dir: /
1828| Total files found (by extension):
1829|_
1830|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
1831|_http-title: The URL you requested has been blocked
1832| http-vhosts:
1833|_127 names had status 500
1834|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
1835|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
1836|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
1837|_http-xssed: No previously reported XSS vuln.
1838 1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
1855Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
1856Device type: WAP|general purpose|VoIP phone
1857Running (JUST GUESSING): Linux 2.4.X|2.6.X|3.X (89%), Grandstream embedded (85%)
1858OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/h:grandstream:gxv3275 cpe:/o:linux:linux_kernel:3
1859Aggressive OS guesses: Tomato 1.27 - 1.28 (Linux 2.4.20) (89%), Linux 2.6.18 - 2.6.22 (86%), Grandstream GXV3275 video phone (85%), Linux 3.2 - 3.8 (85%)
1860No exact OS matches for host (test conditions non-ideal).
1861Uptime guess: 123.706 days (since Wed Apr 10 07:50:56 2019)
1862Network Distance: 17 hops
1863TCP Sequence Prediction: Difficulty=263 (Good luck!)
1864IP ID Sequence Generation: Broken little-endian incremental
1865
1866TRACEROUTE (using port 80/tcp)
1867HOP RTT ADDRESS
1868 1 34.38 ms 10.251.200.1
1869 2 34.49 ms 104.245.145.177
1870 3 35.40 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
1871 4 35.43 ms te0-0-0-1.agr14.yyz02.atlas.cogentco.com (154.24.54.41)
1872 5 35.08 ms te0-9-1-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.161)
1873 6 42.44 ms be3259.ccr21.ymq01.atlas.cogentco.com (154.54.41.206)
1874 7 111.89 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
1875 8 117.30 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
1876 9 124.72 ms be3684.ccr41.par01.atlas.cogentco.com (154.54.60.169)
1877 10 135.76 ms be3092.ccr21.mrs01.atlas.cogentco.com (130.117.49.154)
1878 11 182.59 ms stc.demarc.cogentco.com (149.14.124.98)
1879 12 203.03 ms 10.188.195.49
1880 13 204.66 ms 10.188.193.44
1881 14 200.97 ms 10.188.193.19
1882 15 204.61 ms 84-235-46-21.static.saudi.net.sa (84.235.46.21)
1883 16 ...
1884 17 200.55 ms fg.gov.sa (84.235.47.103)
1885
1886NSE: Script Post-scanning.
1887Initiating NSE at 00:48
1888Completed NSE at 00:48, 0.00s elapsed
1889Initiating NSE at 00:48
1890Completed NSE at 00:48, 0.00s elapsed
1891Read data files from: /usr/bin/../share/nmap
1892#######################################################################################################################################
1893HTTP/1.1 500 Internal Server Error
1894Date: Mon, 12 Aug 2019 04:48:30 GMT
1895Content-Length: 38593
1896Content-Type: text/html
1897
1898HTTP/1.1 500 Internal Server Error
1899Date: Mon, 12 Aug 2019 04:48:30 GMT
1900Content-Length: 38593
1901Content-Type: text/html
1902########################################################################################################################################
1903Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-12 00:48 EDT
1904NSE: Loaded 162 scripts for scanning.
1905NSE: Script Pre-scanning.
1906Initiating NSE at 00:48
1907Completed NSE at 00:48, 0.00s elapsed
1908Initiating NSE at 00:48
1909Completed NSE at 00:48, 0.00s elapsed
1910Initiating Parallel DNS resolution of 1 host. at 00:48
1911Completed Parallel DNS resolution of 1 host. at 00:48, 0.03s elapsed
1912Initiating SYN Stealth Scan at 00:48
1913Scanning fg.gov.sa (84.235.47.103) [1 port]
1914Discovered open port 443/tcp on 84.235.47.103
1915Completed SYN Stealth Scan at 00:48, 0.25s elapsed (1 total ports)
1916Initiating Service scan at 00:48
1917Scanning 1 service on fg.gov.sa (84.235.47.103)
1918Completed Service scan at 00:49, 26.41s elapsed (1 service on 1 host)
1919Initiating OS detection (try #1) against fg.gov.sa (84.235.47.103)
1920Retrying OS detection (try #2) against fg.gov.sa (84.235.47.103)
1921Initiating Traceroute at 00:49
1922Completed Traceroute at 00:49, 3.06s elapsed
1923Initiating Parallel DNS resolution of 16 hosts. at 00:49
1924Completed Parallel DNS resolution of 16 hosts. at 00:49, 0.22s elapsed
1925NSE: Script scanning 84.235.47.103.
1926Initiating NSE at 00:49
1927Completed NSE at 00:54, 291.96s elapsed
1928Initiating NSE at 00:54
1929Completed NSE at 00:54, 1.25s elapsed
1930Nmap scan report for fg.gov.sa (84.235.47.103)
1931Host is up (0.20s latency).
1932
1933PORT STATE SERVICE VERSION
1934 443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1935|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
1936| http-brute:
1937|_ Path "/" does not require authentication
1938|_http-chrono: Request times for /; avg: 1556.97ms; min: 1521.52ms; max: 1582.14ms
1939|_http-csrf: Couldn't find any CSRF vulnerabilities.
1940|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
1941|_http-dombased-xss: Couldn't find any DOM based XSS.
1942|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
1943| http-errors:
1944| Spidering limited to: maxpagecount=40; withinhost=fg.gov.sa
1945| Found the following error pages:
1946|
1947| Error Code: 500
1948|_ https://fg.gov.sa:443/
1949|_http-feed: Couldn't find any feeds.
1950|_http-fetch: Please enter the complete path of the directory to save data in.
1951| http-grep:
1952| (1) https://fg.gov.sa:443/:
1953| (1) ip:
1954|_ + 104.245.145.181
1955| http-headers:
1956| Content-Length: 38589
1957| Content-Type: text/html
1958|
1959|_ (Request type: GET)
1960|_http-jsonp-detection: Couldn't find any JSONP endpoints.
1961|_http-mobileversion-checker: No mobile version detected.
1962| http-phpmyadmin-dir-traversal:
1963| VULNERABLE:
1964| phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
1965| State: LIKELY VULNERABLE
1966| IDs: CVE:CVE-2005-3299
1967| PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
1968|
1969| Disclosure date: 2005-10-nil
1970| Extra information:
1971| ../../../../../etc/passwd not found.
1972|
1973| References:
1974| https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
1975|_ http://www.exploit-db.com/exploits/1244/
1976| http-security-headers:
1977| Strict_Transport_Security:
1978|_ HSTS not configured in HTTPS Server
1979| http-sitemap-generator:
1980| Directory structure:
1981| Longest directory structure:
1982| Depth: 0
1983| Dir: /
1984| Total files found (by extension):
1985|_
1986|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
1987|_http-title: The URL you requested has been blocked
1988|_http-traceroute: ERROR: Script execution failed (use -d to debug)
1989| http-vhosts:
1990|_127 names had status 500
1991|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
1992|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
1993|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
1994|_http-xssed: No previously reported XSS vuln.
1995| vulscan: VulDB - https://vuldb.com:
1996| [131683] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2008 R2 SP1 Win32k memory corruption
1997| [131642] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2008 R2 SP1 Active Directory privilege escalation
1998| [127822] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 Kernel information disclosure
1999| [125103] Microsoft Windows Server 2008 SP2 Graphics Component information disclosure
2000| [123853] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2008 R2 SP1 Kernel Memory information disclosure
2001| [122858] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2008 R2 SP1 LNK memory corruption
2002| [122833] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2008 R2 SP1 GDI+ memory corruption
2003| [121109] Microsoft Wireless Display Adapter V2 2.0.8350/2.0.8365/2.0.8372 privilege escalation
2004| [120449] Microsoft Forefront Unified Access Gateway 2000 InitParams.aspx Parameter Server-Side Request Forgery
2005| [119469] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2008 R2 SP1 Kernel privilege escalation
2006| [116015] Microsoft Excel 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1 memory corruption
2007| [114563] Microsoft Office 2007 SP3/2010 SP2/2013/2013 RT SP1 memory corruption
2008| [114528] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2008 R2 SP1 GDI privilege escalation
2009| [114524] Microsoft ASP.NET Core 2.0 denial of service
2010| [114523] Microsoft ASP.NET Core 2.0 Kestrel Web Application privilege escalation
2011| [113257] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
2012| [113256] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
2013| [113255] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
2014| [113247] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
2015| [113246] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
2016| [113245] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 EOT Font Engine information disclosure
2017| [113244] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
2018| [113235] Microsoft Outlook 2007 SP3/2010 SP2/2013 SP1/2016 privilege escalation
2019| [113234] Microsoft Office 2007 SP2/2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
2020| [113216] Microsoft Outlook 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
2021| [112285] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
2022| [112284] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
2023| [112283] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
2024| [112282] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
2025| [111578] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
2026| [111577] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
2027| [111576] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
2028| [111575] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
2029| [111574] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
2030| [111573] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
2031| [111572] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
2032| [111570] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
2033| [111568] Microsoft Excel 2007/2010/2013/2016 memory corruption
2034| [111566] Microsoft Word 2007/2010/2013/2016 memory corruption
2035| [111565] Microsoft Word 2007/2010/2013 Email Message memory corruption
2036| [111563] Microsoft Outlook 2007/2010/2013/2016 Email Message privilege escalation
2037| [111347] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2008 R2 SP1 Color Management Icm32.dll information disclosure
2038| [109388] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 memory corruption
2039| [109387] Microsoft ASP.NET Core 2.0 privilege escalation
2040| [109386] Microsoft Excel 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
2041| [109385] Microsoft Excel 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 Security Feature Macro privilege escalation
2042| [109381] Microsoft Office/Word 2007 SP3/2010 SP2 memory corruption
2043| [107703] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
2044| [106530] Microsoft Excel 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
2045| [106528] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
2046| [106515] Microsoft Publisher 2007 SP3/2010 SP2 memory corruption
2047| [106497] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2008 R2 SP1 Uniscribe memory corruption
2048| [106476] Microsoft Excel 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
2049| [106475] Microsoft Excel 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
2050| [105051] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2008 R2 SP1 Font Library privilege escalation
2051| [105032] Microsoft Internet Explorer 9/10 on Server 2008/Server 2012 memory corruption
2052| [102513] Microsoft Windows XP SP3/Server 2003 SP2 OLE olecnv32.dll privilege escalation
2053| [102512] Microsoft Windows XP SP3/Server 2003 SP2 rpc privilege escalation
2054| [102511] Microsoft Windows XP SP3/Server 2003 SP2 RDP EsteemAudit privilege escalation
2055| [102447] Microsoft PowerPoint/SharePoint Server 2007 SP3 privilege escalation
2056| [102444] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 privilege escalation
2057| [102442] Microsoft Outlook 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 Bypass privilege escalation
2058| [102441] Microsoft Outlook 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
2059| [102401] Microsoft Windows 7 SP1/Server 2008 R2 SP1 GDI USP10!NextCharInLiga Uniscribe Font information disclosure
2060| [101491] Microsoft Windows up to XP SP3/Server 2003 SP2 Remote Desktop Protocol gpkcsp.dll memory corruption
2061| [101017] Microsoft Office 2007 SP3/2010 SP2/2016 memory corruption
2062| [101012] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1/2016 memory corruption
2063| [101011] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2008 R2 SP1 ActiveX Object Memory memory corruption
2064| [100854] Microsoft Windows Server 2003 SP2 RRAS ERRATICGOPHER memory corruption
2065| [99904] Microsoft Windows XP SP3/Server 2003 SP2 SmartCard Authentication RDP Packet EsteemAudit privilege escalation
2066| [99698] Microsoft OneNote 2007 SP3/2010 SP2 DLL Loader privilege escalation
2067| [99684] Microsoft Excel 2007 SP3/2010 SP2 Memory information disclosure
2068| [99654] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
2069| [99653] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
2070| [99533] Microsoft Office 2007/2010/2013/2016 RTF Document Necurs Dridex memory corruption
2071| [98561] Microsoft IIS 6.0 on Windows Server 2003 WebDAV ScStoragePathFromUrl Long Header memory corruption
2072| [98092] Microsoft SharePoint Server 2007 SP3 memory corruption
2073| [98088] Microsoft SharePoint Server 2007 SP3 memory corruption
2074| [98087] Microsoft Office 2007 SP3/2010 SP2 memory corruption
2075| [98086] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
2076| [98085] Microsoft Excel 2007 SP3 memory corruption
2077| [98084] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
2078| [98083] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
2079| [98078] Microsoft Word/Excel 2007 SP3 memory corruption
2080| [98072] Microsoft Office 2007 SP3/2010 SP2/Word Viewer Graphics Component privilege escalation
2081| [98071] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
2082| [98070] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
2083| [94450] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
2084| [94449] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
2085| [94448] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
2086| [94445] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1 information disclosure
2087| [94441] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 privilege escalation
2088| [94440] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
2089| [94439] Microsoft Office 2007 SP3/2011 privilege escalation
2090| [94438] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 privilege escalation
2091| [93542] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1 memory corruption
2092| [93541] Microsoft Office 2007 SP3 denial of service
2093| [93539] Microsoft Office 2007/2010 SP2/2011 memory corruption
2094| [93538] Microsoft Office 2007/2010 SP2/2011/2013 SP1 memory corruption
2095| [93537] Microsoft Office 2007/2010 SP2/2011 memory corruption
2096| [93396] Microsoft Office 2007/2010/2011 memory corruption
2097| [93395] Microsoft Office 2007/2010/2011 memory corruption
2098| [93394] Microsoft Office 2007/2010 memory corruption
2099| [92596] Microsoft Windows Vista SP2/7 SP1/Server 2008 SP2/Server 2008 R2 Internet Messaging API File information disclosure
2100| [91554] Microsoft Exchange 2007/2010/2013/2016 Email information disclosure
2101| [91553] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
2102| [91552] Microsoft Office 2007/2010/2013/2013 RT/2016 spoofing
2103| [91551] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
2104| [91549] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
2105| [91548] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
2106| [91546] Microsoft Office 2007/2010/2013/2013 RT memory corruption
2107| [91545] Microsoft Office 2007/2010 memory corruption
2108| [91544] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
2109| [91542] Microsoft Office 2007/2010/2013/2013 RT/2016 information disclosure
2110| [90707] Microsoft OneNote 2007/2010/2013/2013 RT/2016 information disclosure
2111| [90706] Microsoft Office 2007/2010/2013/2013 RT Graphics memory corruption
2112| [90705] Microsoft Office 2007/2010/2011 memory corruption
2113| [90703] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
2114| [89039] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1/2013 RT SP1 memory corruption
2115| [89034] Microsoft Windows Vista SP2/Server 2008 JScript/VBScript memory corruption
2116| [87960] Microsoft Windows Server 2008 R2/Server 2012/Server 2012 R2 Active Directory denial of service
2117| [87955] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
2118| [87954] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
2119| [87953] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
2120| [87939] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 OLE DLL memory corruption
2121| [87938] Microsoft Office 2007 SP3/2010 SP2/2011 information disclosure
2122| [87937] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
2123| [87935] Microsoft Windows Vista SP2/Server 2008 SP2/Server 2008 R2 SP1 VBScript/JScript memory corruption
2124| [87934] Microsoft Windows Vista SP2/Server 2008 SP2/Server 2008 R2 SP1 VBScript/JScript memory corruption
2125| [87933] Microsoft Windows Vista SP2/Server 2008 SP2/Server 2008 R2 SP1 VBScript/JScript memory corruption
2126| [87147] Microsoft Office 2007/2010 memory corruption
2127| [87145] Microsoft Windows Vista SP2/Server 2008 JScript/VBScript memory corruption
2128| [87144] Microsoft Windows Vista SP2/Server 2008 JScript/VBScript memory corruption
2129| [82228] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
2130| [82225] Microsoft Word 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1 Office Document memory corruption
2131| [82224] Microsoft Excel 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 Office Document memory corruption
2132| [81273] Microsoft Office 2007/2010/2013/2016 memory corruption
2133| [81272] Microsoft Office 2007/2010/2013 memory corruption
2134| [81265] Microsoft Windows Vista SP2/Server 2008 Library Loader memory corruption
2135| [80872] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
2136| [80871] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
2137| [80869] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
2138| [79506] Microsoft Windows Vista/7/Server 2008/Server 2008 R2 Library Loader memory corruption
2139| [79505] Microsoft Office 2007 memory corruption
2140| [79504] Microsoft Office 2007/2010/2013/2016 memory corruption
2141| [79503] Microsoft Office 2007/2010/2013 memory corruption
2142| [79502] Microsoft Office 2007/2010/2011 memory corruption
2143| [79501] Microsoft Office 2007/2010 memory corruption
2144| [79499] Microsoft Windows 7/Server 2008 R2 Uniscribe memory corruption
2145| [79493] Microsoft Windows Vista/Server 2008 Graphics memory corruption
2146| [79190] Microsoft Word 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 Office Document memory corruption
2147| [79189] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1/2016 Office Document memory corruption
2148| [79187] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 Sandbox privilege escalation
2149| [79167] Microsoft Windows Vista/7/Server 2008/Server 2008 R2 Journal memory corruption
2150| [78372] Microsoft Visio 2007 SP3/2010 SP2 UML Data memory corruption
2151| [78371] Microsoft SharePoint Server 2007 SP3/2010 SP2 InfoPath Forms Services XXE information disclosure
2152| [77646] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1 EPS Image memory corruption
2153| [77629] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
2154| [77627] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
2155| [77626] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
2156| [77617] Microsoft Office 2007 SP3/2010 SP2 OpenType Font memory corruption
2157| [77252] Microsoft Office 2007 SP3/2010 SP2 Office Graphics Library Font memory corruption
2158| [77038] Microsoft Windows Server 2008 SP2 UDDI Services cross site scripting
2159| [76497] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 SP1 Office Document memory corruption
2160| [76491] Microsoft Excel 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1 Office Document memory corruption
2161| [76467] Microsoft Word 2007 SP3/2010 SP2/2011/2013 SP1/2013 RT SP1 Office Document memory corruption
2162| [76466] Microsoft Word 2007 SP3/2010 SP2/2011/2013 SP1/2013 RT SP1 Office Document memory corruption
2163| [76464] Microsoft Excel 2007 SP3/2010 SP2/2013 SP1/2013 RT SP1 Office Document memory corruption
2164| [76463] Microsoft Excel 2007 SP3/2010 SP2/2011/2013 SP1/2013 RT SP1 Office Document memory corruption
2165| [76449] Microsoft Windows 8/8.1/Server 2008/Server 2012/Server 2012 R2 Hyper-V memory corruption
2166| [76440] Microsoft SQL Server 2008/2008 R2/2012/2014 Virtual Function Uninitialized Memory memory corruption
2167| [76439] Microsoft SQL Server 2008/2008 R2/2012/2014 Uninitialized Memory memory corruption
2168| [76438] Microsoft SQL Server 2008/2008 R2/2012/2014 Pointer Casting privilege escalation
2169| [75783] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services cross site scripting
2170| [75338] Microsoft SharePoint 2007/2010/2013 Content privilege escalation
2171| [75337] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1/2013 RT SP1 memory corruption
2172| [75336] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1/2013 RT SP1 memory corruption
2173| [74845] Microsoft Office 2007/2010/2013 Document Use-After-Free memory corruption
2174| [74844] Microsoft Office 2007/2010 Document Use-After-Free memory corruption
2175| [74837] Microsoft Office 2007/2010/2011/2013 RTF Document Use-After-Free privilege escalation
2176| [73979] Microsoft Exchange Server 2003 SP1/2003 CU7 Meeting privilege escalation
2177| [73978] Microsoft Exchange Server 2003 SP1/2003 CU7 cross site scripting
2178| [73977] Microsoft Exchange Server 2003 SP1/2003 CU7 cross site scripting
2179| [73976] Microsoft Exchange Server 2003 SP1/2003 CU7 cross site scripting
2180| [73975] Microsoft Exchange Server 2003 SP1/2003 CU7 cross site scripting
2181| [73964] Microsoft SharePoint 2007/2010/2013 cross site scripting
2182| [69158] Microsoft Office 2007/2010/2013 Use-After-Free memory corruption
2183| [69157] Microsoft Office 2007/2010/2013 OneTableDocumentStream memory corruption
2184| [69155] Microsoft Excel 2007/2010/2013/- Object memory corruption
2185| [68416] Microsoft Exchange 2007/2010/2013 Outlook Web Access Token spoofing
2186| [68409] Microsoft Office 2007/2010/2013 Use-After-Free memory corruption
2187| [68408] Microsoft Excel 2007/2010/2013 memory corruption
2188| [68407] Microsoft Excel 2007/2010 memory corruption
2189| [68405] Microsoft Word 2007/2010 Index Use-After-Free memory corruption
2190| [68195] Microsoft Windows Vista/7/Server 2003/Server 2008 Input Method Editor Sandbox privilege escalation
2191| [68189] Microsoft Windows Server 2003 SP2 TCP/IP Stack Stack-Based memory corruption
2192| [68188] Microsoft Word 2007 File memory corruption
2193| [68187] Microsoft Word 2007 File memory corruption
2194| [68186] Microsoft Word 2007 File memory corruption
2195| [67829] Microsoft Office 2007/2010/2011 Object memory corruption
2196| [67825] Microsoft .NET Framework 2.0/3.5/3.5.1 ASLR privilege escalation
2197| [71337] Microsoft Office 2000/2004/XP memory corruption
2198| [67355] Microsoft OneNote 2007 File Processing privilege escalation
2199| [67354] Microsoft SQL Server 2008 SP3/2008 R2 SP2/2012 SP1/2014 SQL Master Data Services cross site scripting
2200| [67353] Microsoft SQL Server 2008 SP3/2008 R2 SP2/2012 SP1/2014 T-SQL Query Stack-Based memory corruption
2201| [67018] Microsoft Windows Server 2008/Server 2012/Server 2012 R2 Service Bus AMQP Message denial of service
2202| [13545] Microsoft Word 2007 Embedded Font memory corruption
2203| [13397] Microsoft Windows XP/2000/Server 2003 DHCP Response DHCP ACK spoofing
2204| [13462] Microsoft Visual Studio 2002/2003/2005/2010 Debug Interface msdia.dll PDB File memory corruption
2205| [13229] Microsoft Office 2007/2010/2013 Common Control Library MSCOMCTL.OCX privilege escalation
2206| [13227] Microsoft Office 2007/2010/2013 Chinese Grammar Checker Library privilege escalation
2207| [13226] Microsoft SharePoint Server 2007/2010/2013 Page memory corruption
2208| [13225] Microsoft SharePoint Server 2007/2010/2013 cross site scripting
2209| [13224] Microsoft SharePoint Server 2007/2010/2013 Page memory corruption
2210| [12859] Microsoft Word 2003 Office Document Stack-Based memory corruption
2211| [12852] Microsoft Publisher 2003/2007 Publisher File pubconv.dll memory corruption
2212| [12845] Microsoft Word 2003 Office File Stack-Based memory corruption
2213| [12844] Microsoft Word 2007/2010 Office File memory corruption
2214| [12843] Microsoft Office 2007/2010/2011/2013 XML Parser Nested Entities Memory Consumption denial of service
2215| [12687] Microsoft Word/Office/Outlook 2003/2007/2010/2013 RTF Document memory corruption
2216| [12530] Microsoft Windows XP/Vista/Server 2003/Server 2008/Server 2012 Security Account Manager Lockout privilege escalation
2217| [12266] Microsoft .NET Framework 2.0 SP2/3.5.1 ASLR Bypass privilege escalation
2218| [12070] Apple Pages 2.0/2.0.1/2.0.2/5.0/5.0.1 on Mac Microsoft Word Document memory corruption
2219| [11950] Microsoft Office Compability Pack/Word 2007 SP3 File memory corruption
2220| [11949] Microsoft Word Viewer/Office Compatibility Pack/Word 2003 SP3/2007 SP3 File memory corruption
2221| [11448] Microsoft Office 2007/2010 Address Space Layout Randomization privilege escalation
2222| [11151] Microsoft Outlook 2007/2010/2013/- S/MIME Certificate Metadata Expansion memory corruption
2223| [11149] Microsoft Office 2003/2007/2010/2013/- WordPerfect Document epsimp32.flt memory corruption
2224| [11148] Microsoft Office 2003/2007 WordPerfect Document epsimp32.flt memory corruption
2225| [11146] Microsoft Office 2003/2007 epsimp32.flt memory corruption
2226| [11230] Microsoft Word 2003 DOC Document Embedded Image denial of service
2227| [11081] Microsoft Windows Vista/Server 2008 TIFF Image memory corruption
2228| [10648] Microsoft Word 2007 Word File memory corruption
2229| [10647] Microsoft Word 2003 Word File memory corruption
2230| [10643] Microsoft SharePoint Server 2007/2010/2013 Input Sanitizer memory corruption
2231| [10642] Microsoft SharePoint Server 2007/2010 Content Display in Frames privilege escalation
2232| [10247] Microsoft SharePoint Server 2007/2010/2013 Online Cloud cross site scripting
2233| [10245] Microsoft Office 2003/2007/2010 Word File memory corruption
2234| [10244] Microsoft Office 2003 SP3 Word File memory corruption
2235| [10243] Microsoft Office 2003/2007 Word File memory corruption
2236| [10242] Microsoft Office 2007 Word File memory corruption
2237| [10241] Microsoft Office 2007 Word File memory corruption
2238| [10240] Microsoft Office 2003/2007/2010 Word File memory corruption
2239| [10239] Microsoft Office 2003/2007 Word File memory corruption
2240| [10238] Microsoft Excel 2003/2007 XML External Entity Data information disclosure
2241| [10237] Microsoft Excel 2003/2007/2010 XML External Entity Data information disclosure
2242| [10236] Microsoft Word/Office 2003/2007 XML External Entity Data information disclosure
2243| [10234] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
2244| [10232] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
2245| [10231] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
2246| [10230] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
2247| [10229] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
2248| [10228] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
2249| [10227] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
2250| [10192] Microsoft Windows XP SP3/Vista/7/2000/Server 2003 SP2 Windows Theme File privilege escalation
2251| [10191] Microsoft Windows XP/Server 2003 OLE Object privilege escalation
2252| [10190] Microsoft Windows Vista/7/8/Server 2008 Active Directory denial of service
2253| [10189] Microsoft Outlook 2007/2010 S/MIME privilege escalation
2254| [9941] Microsoft Windows XP/Server 2003 Unicode Scripts Processor USP10.DLL Uniscribe Font memory corruption
2255| [9929] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services Unspecified Account information disclosure
2256| [9715] Microsoft PowerPoint 2007 DirectShow Runtime quartz.dll GetMaxSampleSize denial of service
2257| [9397] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Array privilege escalation
2258| [9394] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 on 64-bit Array memory corruption
2259| [9393] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Permission privilege escalation
2260| [8738] Microsoft Visio 2003 SP3/2007 SP3/2010 SP1 XML Parser File information disclosure
2261| [8737] Microsoft Word 2003 SP3 Shape Data Parser File memory corruption
2262| [8736] Microsoft Publisher 2003 SP3 PUB File memory corruption
2263| [8735] Microsoft Publisher 2003 SP3/2007 SP3/2010 SP1 PUB File memory corruption
2264| [8734] Microsoft Publisher 2003 SP3 PUB File memory corruption
2265| [8733] Microsoft Publisher 2003 SP3 PUB File memory corruption
2266| [8732] Microsoft Publisher 2003 SP3 PUB File memory corruption
2267| [8731] Microsoft Publisher 2003 SP3 PUB File memory corruption
2268| [8730] Microsoft Publisher 2003 SP3 PUB File memory corruption
2269| [8729] Microsoft Publisher 2003 SP3 PUB File memory corruption
2270| [8728] Microsoft Publisher 2003 SP3 PUB File memory corruption
2271| [8727] Microsoft Publisher 2003 SP3 PUB File memory corruption
2272| [8726] Microsoft Publisher 2003 PUB File Eingabe memory corruption
2273| [8723] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 XML File spoofing
2274| [7643] Microsoft Windows Server 2008 R2/Server 2012 NFS Server NULL Pointer Dereference denial of service
2275| [7642] Microsoft Exchange 2007/2010 Outlook Web Access vspdx.dll) privilege escalation
2276| [7641] Microsoft Windows XP/Vista/Server 2003/Server 2008 DirectShow Quartz.dll memory corruption
2277| [8589] Microsoft System Center Operations Manager 2007 SP1/2007 R2 ViewTypeManager.aspx cross site scripting
2278| [7252] Microsoft System Center Operations Manager 2007 ExecuteTask.aspx cross site scripting
2279| [7251] Microsoft System Center Operations Manager 2007 cross site scripting
2280| [7248] Microsoft Windows 7/Server 2008 R2 Print Spooler privilege escalation
2281| [7121] Microsoft Exchange 2007/2010 RSS Feed denial of service
2282| [7118] Microsoft Windows Server 2008 R2/Server 2012 IP-HTTPS unknown vulnerability
2283| [62914] Microsoft Office 2003 SP3/2007 SP3/2008/2010 SP1/2011 Spreadsheet Use-After-Free memory corruption
2284| [7058] Microsoft Windows 7/Server 2008 R2 DHCPv6 Message denial of service
2285| [6935] Microsoft Office Excel 2003/2007/2010 Input Sanitizer File Stack-based memory corruption
2286| [6934] Microsoft Office Excel 2003/2007/2010 Input Sanitizer memory corruption
2287| [6933] Microsoft Office Excel 2003/2007/2010 SerAuxErrBar File memory corruption
2288| [6929] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Web Proxy Setting Auto-Discovery memory corruption
2289| [6927] Microsoft .NET Framework 2.0 SP2/3.5.1 Trusted Code Function information disclosure
2290| [6918] Microsoft Excel 2007 SP2 Input Sanitizer File memory corruption
2291| [6830] Microsoft Word 2007/2010 File memory corruption
2292| [6819] Microsoft Excel 2007 File memory corruption
2293| [6627] Microsoft Windows 7/Server 2008 R2 Kerberos denial of service
2294| [6626] Microsoft SharePoint/Lync/Infopath 2007/2010 HTML Sanitization cross site scripting
2295| [6622] Microsoft Word 2003/2007/2010/- RTF Document memory corruption
2296| [6621] Microsoft Word 2007 PAPX memory corruption
2297| [62239] Microsoft Systems Management Server 2003 Configuration Manager Reflected cross site scripting
2298| [5945] Microsoft Office 2007/2010 Computer Graphics Metafile memory corruption
2299| [5939] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 R2 Print Spooler Service memory corruption
2300| [5938] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 R2 Remote Administration Protocol netapi32.dll RAP Request denial of service
2301| [5933] Microsoft SQL Server 2000/2005/2008/2008 R2 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
2302| [5932] Microsoft Office 2003/2007/2010 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
2303| [5654] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 information disclosure
2304| [5653] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 win32k.sys memory corruption
2305| [5652] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 win32k.sys memory corruption
2306| [5650] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 memory corruption
2307| [5649] Microsoft Office 2003/2007/2010 libraries memory corruption
2308| [5645] Microsoft SharePoint 2007/2010/3.0 Reflected cross site scripting
2309| [5643] Microsoft SharePoint 2007/2010 information disclosure
2310| [5642] Microsoft SharePoint 2007 cross site request forgery
2311| [5553] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 OpenType Font atmfd.dll denial of service
2312| [5524] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 memory corruption
2313| [5518] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 memory corruption
2314| [5362] Microsoft Office 2003/2007 GDI+ memory corruption
2315| [5291] Microsoft Visual Studio 2008 Incremental Linker link.exe ConvertRgImgSymToRgImgSymEx memory corruption
2316| [5268] Microsoft Office 2008 on Mac RTF Pfragment File memory corruption
2317| [5080] Microsoft SQL Server 2005/2008/2008R2 CREATE DATABASE sql injection
2318| [5050] Microsoft Office 2007 WPS Converter Heap-based memory corruption
2319| [5049] Microsoft SQL Server 2000/2005/2008 MSCOMCTL.OCX privilege escalation
2320| [5048] Microsoft Office 2003/2007/2010 MSCOMCTL.OCX privilege escalation
2321| [5046] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Windows Authenticode Signature Verification WinVerifyTrust Signature privilege escalation
2322| [4803] Microsoft Windows Server 2003/Server 2008 DNS Server Domain Resource Record Query Parser denial of service
2323| [4802] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Remote Desktop Protocol denial of service
2324| [4798] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Remote Desktop Service memory corruption
2325| [60205] Microsoft .NET Framework 2.0 SP2/3.5.1 Heap-based memory corruption
2326| [4642] Microsoft .NET Framework 2.0 SP2/3.5.1/4 XAML Browser Application memory corruption
2327| [60065] Microsoft Windows 2000 mod_sql unknown vulnerability
2328| [4535] Microsoft Windows XP/Server 2003 Object Packager packager.exe privilege escalation
2329| [4534] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Line21 DirectShow Filter Quartz.dll/Qdvd.dll Media File memory corruption
2330| [4533] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Multimedia Library winmm.dll MIDI File memory corruption
2331| [4507] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 Forms Authentication Redirect
2332| [59666] Microsoft Publisher 2003/2007 "Publisher memory corruption
2333| [4482] Microsoft Word 2007/2010/2011 Document Parser memory corruption
2334| [4480] Microsoft Excel 2003 memory corruption
2335| [4478] Microsoft Windows XP/Server 2003 OLE Objects Memory Management memory corruption
2336| [4477] Microsoft PowerPoint 2007 OfficeArt Use-After-Free memory corruption
2337| [4474] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Active Directory Query memory corruption
2338| [4473] Microsoft Powerpoint 2007/2010 DLL-Loader memory corruption
2339| [4471] Microsoft Office 2003/2007 Publisher Out-of-Bounds memory corruption
2340| [4470] Microsoft Office 2003 SP3 memory corruption
2341| [4453] Microsoft Excel 2003 Record Parser memory corruption
2342| [4446] Microsoft Office 2008/2007 OfficeArt Record Parser memory corruption
2343| [4445] Microsoft Office 2007/2010/2011 Word Document Parser memory corruption
2344| [4438] Microsoft Windows Vista/7/Server 2008 TCP/IP Reference Counter denial of service
2345| [5358] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 TrueType Font Handling memory corruption
2346| [59005] Microsoft Host Integration Server 2004 denial of service
2347| [58492] Microsoft SharePoint Server 2007 Spreadsheet memory corruption
2348| [58491] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
2349| [58490] Microsoft Office Compatibility Pack 2007 Spreadsheet memory corruption
2350| [58489] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
2351| [58488] Microsoft Office 2007/2010 memory corruption
2352| [4412] Microsoft Office 2003/2007 Library Loader Designfehler
2353| [4411] Microsoft Excel 2003 memory corruption
2354| [4409] Microsoft Windows Server 2003/Server 2008 WINS unknown vulnerability
2355| [58240] Microsoft Visio 2003/2007 memory corruption
2356| [58237] Microsoft Visio 2003/2007/2010 memory corruption
2357| [4396] Microsoft Windows Vista/7/Server 2008 TCP/IP Stack denial of service
2358| [4393] Microsoft Windows Server 2008 DNS Service memory corruption
2359| [4391] Microsoft .NET Framework 2.0 SP2/3.5.1/4 Socket Restriction privilege escalation
2360| [4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
2361| [4388] Microsoft Windows Vista/7/Server 2008 File Metadata Parser denial of service
2362| [57691] Microsoft SQL Server 2008 Web Service information disclosure
2363| [57690] Microsoft Excel 2002/2003 Spreadsheet memory corruption
2364| [57689] Microsoft Excel 2002 Spreadsheet memory corruption
2365| [57688] Microsoft Excel 2002 Spreadsheet memory corruption
2366| [57687] Microsoft Excel 2002/2003/2007 Spreadsheet memory corruption
2367| [57686] Microsoft Excel 2002 Spreadsheet memory corruption
2368| [57685] Microsoft Excel 2002/2003/2007 Array Access memory corruption
2369| [57684] Microsoft Excel 2002/2003/2007/2010 Spreadsheet memory corruption
2370| [4369] Microsoft Excel 2002/2003/2007 memory corruption
2371| [4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
2372| [4362] Microsoft Windows Vista/7/Server 2008 denial of service
2373| [57420] Microsoft PowerPoint 2002/2003 memory corruption
2374| [4349] Microsoft Office 2004/2008/2007 Presentation File Parser memory corruption
2375| [4348] Microsoft Powerpoint 2002/2003/2007 memory corruption
2376| [57077] Microsoft Excel 2002 Uninitialized Memory memory corruption
2377| [57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability
2378| [57079] Microsoft PowerPoint 2002/2003/2007/2010 memory corruption
2379| [57076] Microsoft Excel 2002/2003 memory corruption
2380| [57075] Microsoft Excel 2002/2003 memory corruption
2381| [57074] Microsoft Excel 2002 memory corruption
2382| [57073] Microsoft Excel 2002/2003/2007/2010 memory corruption
2383| [4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler memory corruption
2384| [4301] Microsoft Windows Server 2003 SMB Browser Heap-based denial of service
2385| [56475] Microsoft Office 2004/2008 memory corruption
2386| [56414] Microsoft Visio 2002/2003/2007 ELEMENTS.DLL memory corruption
2387| [56413] Microsoft Visio 2002/2003/2007 Exception ORMELEMS.DLL memory corruption
2388| [4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
2389| [4297] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 OpenType Compact Font Format Driver privilege escalation
2390| [4296] Microsoft Windows XP/Server 2003 LSASS Authentication Request unknown vulnerability
2391| [4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
2392| [4294] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Driver win32k.sys unknown vulnerability
2393| [4293] Microsoft Windows XP/Server 2003 Kerberos CRC32 Checksum privilege escalation
2394| [4292] Microsoft Windows XP/Server 2003 CSRSS Logoff privilege escalation
2395| [4289] Microsoft Excel 2007 Shape Data Parser memory corruption
2396| [4286] Microsoft Powerpoint 2007 OfficeArt Container Parser memory corruption
2397| [4279] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 MHTML cross site scripting
2398| [56176] Microsoft Windows XP/7/Server 2003 fxscover.exe CDrawPoly::Serialize memory corruption
| [55772] Microsoft Publisher 2002 pubconv.dll memory corruption
| [55771] Microsoft Publisher 2002/2003/2010 memory corruption
| [55765] Microsoft Office 2003/Xp Integer memory corruption
| [55764] Microsoft Office 2003/Xp memory corruption
| [55750] Microsoft Publisher 2002/2003 pubconv.dll memory corruption
| [55749] Microsoft Publisher 2002/2003/2007/2010 pubconv.dll memory corruption
| [55748] Microsoft Publisher 2002/2003/2007 pubconv.dll memory corruption
| [4230] Microsoft Exchange 2007 on 64-bit RPC store.exe MAPI Request denial of service
| [4229] Microsoft SharePoint 2007 Document Conversion Launcher Service Eingabeung\xC3\xBCltigkeit
| [4228] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
| [4224] Microsoft Windows Vista/7/Server 2008 Consent User Interface privilege escalation
| [4231] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Driver win32k.sys GreEnableEUDC denial of service
| [55420] Microsoft Office 2007/2010 memory corruption
| [55419] Microsoft Office 2004/2008/2011/Xp memory corruption
| [55412] Microsoft PowerPoint Viewer 2007 memory corruption
| [55411] Microsoft PowerPoint 2002/2003 memory corruption
| [4204] Microsoft Windows Server 2008 Color Control Panel Eingabeung\xC3\xBCltigkeit
| [54995] Microsoft Office 2004/2008 memory corruption
| [54994] Microsoft Office 2004/2008 Out-of-Bounds memory corruption
| [54993] Microsoft Office Compatibility Pack 2007 memory corruption
| [54992] Microsoft Excel 2002 memory corruption
| [54991] Microsoft Office 2004 Future memory corruption
| [54990] Microsoft Office 2004 memory corruption
| [54989] Microsoft Office 2004/2008 memory corruption
| [54988] Microsoft Excel 2002 memory corruption
| [54987] Microsoft Excel 2002 memory corruption
| [54986] Microsoft Excel 2002/2003 memory corruption
| [54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 memory corruption
| [54984] Microsoft Office 2004/2008 memory corruption
| [54983] Microsoft Excel 2002 Integer memory corruption
| [54980] Microsoft Word 2002/2003 memory corruption
| [54979] Microsoft Word 2002 memory corruption
| [54978] Microsoft Word 2002 memory corruption
| [54977] Microsoft Word 2002 Heap-based memory corruption
| [54976] Microsoft Word 2002 memory corruption
| [54975] Microsoft Word 2002 memory corruption
| [54974] Microsoft Word 2002 memory corruption
| [54973] Microsoft Word 2002 memory corruption
| [54972] Microsoft Word 2002 memory corruption
| [54971] Microsoft Word 2002 memory corruption
| [4197] Microsoft SharePoint 2007/3.0 cross site scripting
| [4196] Microsoft Word 2002/2003/2007/2010 Stack-based memory corruption
| [4194] Microsoft Windows Vista/7/Server 2008 SChannel Client Certificate Request denial of service
| [54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service
| [54757] Microsoft SharePoint Server 2007 HTML Sanitization SafeHTML cross site scripting
| [4186] Microsoft Outlook 2002/2003/2007 Content Parser Heap-based memory corruption
| [54584] Microsoft Visual C++ 2005 AtlTraceTool8.exe unknown vulnerability
| [54554] Microsoft Groove 2007 mso.dll memory corruption
| [4187] Microsoft Windows Vista/7/Server 2008 TCP/IP Stack Ipv4SetEchoRequestCreate() denial of service
| [54322] Microsoft Word 2002/2003 memory corruption
| [54321] Microsoft Office Compatibility Pack 2007 memory corruption
| [54320] Microsoft Office Compatibility Pack 2007 memory corruption
| [54319] Microsoft Office Compatibility Pack 2007 memory corruption
| [54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces memory corruption
| [4165] Microsoft Windows Vista/7/Server 2008 TCP/IP Stack denial of service
| [4162] Microsoft Windows Vista/7/Server 2008 Kernel memory corruption
| [4159] Microsoft Excel 2002/2003 SXDB PivotTable Cache Data Record memory corruption
| [4149] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Shell Shortcut Parser memory corruption
| [54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll memory corruption
| [4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD memory corruption
| [4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll memory corruption
| [54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
| [4151] Microsoft Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel memory corruption
| [53591] Microsoft Windows Server 2003 GetServerName cross site scripting
| [53505] Microsoft Excel 2002/2007 memory corruption
| [53501] Microsoft Excel 2002 memory corruption
| [53500] Microsoft Excel 2002 memory corruption
| [53499] Microsoft Excel 2002 memory corruption
| [53495] Microsoft Excel 2002/2003/2007 memory corruption
| [53494] Microsoft Excel 2002 Stack-based memory corruption
| [53504] Microsoft Excel 2002 memory corruption
| [53503] Microsoft Excel 2002 Stack-Based memory corruption
| [53502] Microsoft Excel 2002 Heap-based memory corruption
| [53498] Microsoft Excel 2002 Stack-based memory corruption
| [53497] Microsoft Excel 2002 memory corruption
| [53496] Microsoft Excel 2002 memory corruption
| [53493] Microsoft Excel 2002/2003/2007 memory corruption
| [4133] Microsoft Office 2003/2007/Xp COM Object Instantiator memory corruption
| [53366] Microsoft ASP.NET 2.0 cross site scripting
| [53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
| [53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL memory corruption
| [53054] Microsoft VISIO 2002/2003/2007 VISIODWG.DLL memory corruption
| [4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
| [52777] Microsoft Publisher 2002/2003/2007 memory corruption
| [52773] Microsoft Visio 2002/2003/2007 memory corruption
| [52772] Microsoft Visio 2002/2003/2007 memory corruption
| [4107] Microsoft Windows 7/Server 2008 Kernel denial of service
| [4103] Microsoft Windows Server 2003 Media Services Stack-based memory corruption
| [52543] Microsoft Virtual PC 2007 unknown vulnerability
| [52148] Microsoft Office 2004/2008/2007 Uninitialized Memory memory corruption
| [52147] Microsoft Office 2004/2008/2007 Spreadsheet Uninitialized Memory memory corruption
| [52146] Microsoft Office 2004/2008/2007 Spreadsheet Heap-based memory corruption
| [52145] Microsoft Office 2004/2008/2007 Spreadsheet Heap-based memory corruption
| [52144] Microsoft Office 2004/2008/2007 Spreadsheet memory corruption
| [52143] Microsoft Office 2004/2008/2007 Spreadsheet memory corruption
| [4090] Microsoft Excel 2002/2003/2007 memory corruption
| [52036] Microsoft Windows 2000 MsgBox memory corruption
| [51995] Microsoft SharePoint Server up to 2006 cross site scripting
| [51810] Microsoft Office 2004/Xp MSO.DLL memory corruption
| [51802] Microsoft PowerPoint 2003 Stack-based memory corruption
| [51801] Microsoft PowerPoint 2003 Stack-based memory corruption
| [51800] Microsoft PowerPoint 2002/2003 Use-After-Free memory corruption
| [51799] Microsoft PowerPoint 2002/2003 memory corruption
| [51798] Microsoft PowerPoint 2002/2003 Heap-based memory corruption
| [4082] Microsoft Powerpoint 2002 memory corruption
| [54550] Microsoft PowerPoint 2007 rpawinet.dll memory corruption
| [54556] Microsoft Visio 2003 mfc71enu.dll unknown vulnerability
| [51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
| [51133] Microsoft Windows 2000 SP4/XP SP2/SP3/Server 2003 SP2 memory corruption
| [51074] Microsoft Office 2002/2003 Integer memory corruption
| [4069] Microsoft Project 2007/2003 Project Memory Validator memory corruption
| [50794] Microsoft Office 2004/2008 Spreadsheet memory corruption
| [50793] Microsoft Office 2004/2008 Spreadsheet memory corruption
| [50792] Microsoft Office 2004/2008 Spreadsheet memory corruption
| [50791] Microsoft Office 2004/2008 Spreadsheet memory corruption
| [50790] Microsoft Office 2004/2008 Spreadsheet Heap-based memory corruption
| [50788] Microsoft Office 2004/2008 Spreadsheet memory corruption
| [50787] Microsoft Office 2004/2008 Spreadsheet memory corruption
| [50786] Microsoft Windows 2000 llssrv.exe memory corruption
| [50789] Microsoft Office 2004/2008 Spreadsheet memory corruption
| [4056] Microsoft Word 2002/2003 File Information Block Parser Stack-based memory corruption
| [50660] Microsoft SharePoint Server 2007 unknown vulnerability
| [50443] Microsoft Office Powerpoint 2007 Integer memory corruption
| [50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 memory corruption
| [49866] Microsoft Windows Server 2003 memory corruption
| [4031] Microsoft Windows Vista/Server 2008 SMB Processor EducatedScholar memory corruption
| [4030] Microsoft Windows Vista/Server 2008 Wireless LAN AutoConfig Service Heap-based memory corruption
| [4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
| [49745] Microsoft Windows Server 2003 denial of service
| [49394] Microsoft Windows Server 2003 memory corruption
| [49198] Microsoft Visual Studio 2005 information disclosure
| [49047] Microsoft Virtual Server 2005 privilege escalation
| [49046] Microsoft Windows Server 2003 quartz.dll memory corruption
| [49045] Microsoft Windows Server 2003 quartz.dll memory corruption
| [49044] Microsoft ISA Server 2006 privilege escalation
| [3999] Microsoft Office 2007 Pointer memory corruption
| [4000] Microsoft Office 2003/Xp/Sp3 Web Components memory corruption
| [48894] Microsoft Windows Server 2003 msvidctl.dll memory corruption
| [48572] Microsoft Office Powerpoint 2002 FL21WIN.DLL memory corruption
| [48517] Microsoft Windows 2000 Memory Leak memory corruption
| [48516] Microsoft Windows Server 2008 unknown vulnerability
| [48512] Microsoft Windows Server 2008 unknown vulnerability
| [48515] Microsoft Office Word Viewer 2003 memory corruption
| [48514] Microsoft Office Word Viewer 2003 Stack-based memory corruption
| [48554] Microsoft Excel 2000/2003/2007 memory corruption
| [48157] Microsoft Office PowerPoint 2002 Sound memory corruption
| [48156] Microsoft Office PowerPoint 2000 Stack-based memory corruption
| [48154] Microsoft Office PowerPoint 2002 Sound PP7X32.DLL memory corruption
| [48152] Microsoft Office PowerPoint 2002 PP4X32.DLL memory corruption
| [48150] Microsoft Office PowerPoint 2002 Sound memory corruption
| [48147] Microsoft Office PowerPoint 2002 Sound memory corruption
| [48146] Microsoft Office PowerPoint 2002 Integer memory corruption
| [48155] Microsoft Office PowerPoint 2002 Notes Container Heap-based memory corruption
| [48153] Microsoft Office PowerPoint 2002 Sound memory corruption
| [48151] Microsoft Office PowerPoint 2002 Stack-based memory corruption
| [48149] Microsoft Office PowerPoint 2002 memory corruption
| [48148] Microsoft Office PowerPoint 2002 Sound memory corruption
| [3974] Microsoft Powerpoint 2000/2002/2003 Sound Data Stack-based memory corruption
| [3973] Microsoft Powerpoint 2000/2002/2003 Notes Container Stack-based memory corruption
| [3972] Microsoft Powerpoint 2000/2002/2003 BuildList memory corruption
| [3971] Microsoft Powerpoint 2000/2002/2003 Object Stack-based memory corruption
| [3970] Microsoft Powerpoint 2000/2002/2003 Paragraph Stack-based memory corruption
| [3969] Microsoft Powerpoint 2000/2002/2003 Atom Stack-based memory corruption
| [47719] Microsoft Windows 2000 Stack-based memory corruption
| [47720] Microsoft Internet Security And Acceleration Server 2006 Forms Authentication cookieauth.dll cross site scripting
| [47716] Microsoft Office Converter Pack 2003 WPFT632.CNV memory corruption
| [47715] Microsoft Windows 2000 Wordpad memory corruption
| [47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet memory corruption
| [3960] Microsoft Windows XP/2000/Server 2003 DirectShow MJPEG memory corruption
| [3952] Microsoft ISA Server 2004/2006 denial of service
| [3946] Microsoft PowerPoint 2004/2000/2002/2003 memory corruption
| [47091] Microsoft Windows Server 2008 unknown vulnerability
| [47090] Microsoft Windows Server 2008 unknown vulnerability
| [3939] Microsoft Windows 2000 DNS Designfehler
| [3938] Microsoft Windows 2000 SSL weak authentication
| [3937] Microsoft Windows 2000 memory corruption
| [3932] Microsoft Excel 2004/2000/2002/2003/2007 Object Reference Designfehler
| [46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe denial of service
| [46455] Microsoft Exchange Server 2007 denial of service
| [46454] Microsoft Exchange Server 2007 memory corruption
| [46453] Microsoft Visio 2002/2003/2007 memory corruption
| [46452] Microsoft Visio 2002/2003/2007 memory corruption
| [46451] Microsoft Visio 2002/2003/2007 memory corruption
| [46327] Microsoft Word 2007 information disclosure
| [45758] Microsoft Money 2006 ActiveX Control prtstb06.dll denial of service
| [45381] Microsoft Windows Vista SP1/Server 2008 Explorer memory corruption
| [45380] Microsoft Windows Vista SP1/Server 2008 Search memory corruption
| [45379] Microsoft Office SharePoint Server 2007 denial of service
| [3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
| [3892] Microsoft Excel 2000/2002/2003 Formula memory corruption
| [3891] Microsoft Excel 2000/2002/2003 memory corruption
| [3890] Microsoft Excel 2000/2002/2003 NAME Index memory corruption
| [3889] Microsoft Word 2000/2002/2003/2007 Table Property Stack-based memory corruption
| [3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet memory corruption
| [3887] Microsoft Word 2000/2002/2003/2007 memory corruption
| [3886] Microsoft Word 2000/2002/2003/2007 ControlWord Heap-based memory corruption
| [3885] Microsoft Word 2000/2002/2003/2007 memory corruption
| [3884] Microsoft Word 2000/2002/2003/2007 memory corruption
| [3883] Microsoft Word 2000/2002/2003/2007 RTF Heap-based memory corruption
| [3882] Microsoft Word 2000/2002/2003/2007 LFO memory corruption
| [3880] Microsoft Visual Basic up to 2003 ActiveX Control Mschrt20.ocx memory corruption
| [3879] Microsoft Visual Basic up to 2003 ActiveX Control mscomct2.ocx memory corruption
| [3878] Microsoft Visual Basic up to 2003 ActiveX Control mshflxgd.ocx memory corruption
| [3877] Microsoft Visual Basic up to 2003 ActiveX Control msflxgrd.ocx memory corruption
| [3876] Microsoft Visual Basic up to 2003 ActiveX Control msdatgrd.ocx memory corruption
| [45197] Microsoft Windows 2000 nskey.dll memory corruption
| [45063] Microsoft Windows Server 2003 Active Directory unknown vulnerability
| [45040] Microsoft .NET Framework 2.0.50727 Code Access Security unknown vulnerability
| [44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption
| [44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
| [44589] Microsoft Exchange Server 2003 Outlook Web Access unknown vulnerability
| [3845] Microsoft Windows 2000 SP4 Active Directory memory corruption
| [44533] Microsoft Windows 2000 mqsvc.exe memory corruption
| [3844] Microsoft Excel 2003 REPT memory corruption
| [3843] Microsoft Excel up to 2007 BIFF File Heap-based memory corruption
| [3842] Microsoft Excel 2003 VBA Performance Cache Stack-based Eingabeung\xC3\xBCltigkeit
| [44405] Microsoft Digital Image 2006 ActiveX Control PipPPush.DLL unknown vulnerability
| [44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption
| [43981] Microsoft Organization Chart 2.00 orgchart.exe memory corruption
| [43957] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
| [43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
| [43955] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
| [43952] Microsoft Office 2003/2007/Xp URI memory corruption
| [43676] Microsoft Windows XP/Vista/2000/Server 2003 memory corruption
| [43675] Microsoft Windows XP/Vista/2000/Server 2003 of memory corruption
| [43662] Microsoft Office Powerpoint Viewer up to 2003 memory corruption
| [43661] Microsoft Office Powerpoint Viewer 2003 memory corruption
| [43660] Microsoft Office Powerpoint Viewer 2003 Integer memory corruption
| [43657] Microsoft Office 2000/2003/Xp memory corruption
| [43654] Microsoft SharePoint Server 2007 memory corruption
| [43653] Microsoft Office 2000/2002/2004/2008 memory corruption
| [43652] Microsoft Office 2000/2002/2003/2004/2008 memory corruption
| [3797] Microsoft Windows Vista/Server 2008 IPsec Policy Designfehler
| [3796] Microsoft Office 2000 WPG memory corruption
| [3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT memory corruption
| [3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel memory corruption
| [3793] Microsoft Office 2000/2003/Xp PICT memory corruption
| [3792] Microsoft Office 2000 EPS File memory corruption
| [3783] Microsoft Word 2002 memory corruption
| [43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
| [43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS Cache privilege escalation
| [3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
| [3777] Microsoft Windows Vista SP1/Server 2008 Explorer memory corruption
| [43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx memory corruption
| [43096] Microsoft Publisher 2003/2007 Crypto API unknown vulnerability
| [42816] Microsoft Word 2000/2003 memory corruption
| [42732] Microsoft Windows XP/Vista/Server 2003 denial of service
| [42731] Microsoft Windows Server 2003 denial of service
| [3732] Microsoft Windows 2000/Server 2003 WINS memory corruption
| [3701] Microsoft Word 2003 CSS Heap-based memory corruption
| [3700] Microsoft Word 2003 RTF Document Heap-based memory corruption
| [42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting
| [41881] Microsoft Office 2003/2007/2007 Sp1/Xp memory corruption
| [41880] Microsoft Project 2000/2002/2003 memory corruption
| [41879] Microsoft Windows 2000/Server 2003/Vista Stack-based memory corruption
| [41878] Microsoft Windows 2000/Server 2003/Vista spoofing
| [41877] Microsoft Windows Server 2003 vbscript.dll memory corruption
| [3671] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 memory corruption
| [3670] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 Object memory corruption
| [41455] Microsoft Office 2000/2003/2004/Xp memory corruption
| [41454] Microsoft Excel 2000/2002/2003/2007 memory corruption
| [41453] Microsoft Excel 2000/2002/2003 memory corruption
| [41452] Microsoft Excel 2000/2002/2003/2007 memory corruption
| [41451] Microsoft Excel 2000/2002/2003 memory corruption
| [41450] Microsoft Excel 2000 memory corruption
| [41449] Microsoft Excel 2000/2002/2003 memory corruption
| [41448] Microsoft Office 2000/Xp Office Web Components memory corruption
| [3648] Microsoft Excel 2003 memory corruption
| [3647] Microsoft Outlook up to 2007 mailto URI memory corruption
| [41003] Microsoft Office 2000/2003/2004/Xp memory corruption
| [41002] Microsoft Office 2000/2003/Xp memory corruption
| [41001] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
| [41000] Microsoft Works 2005/8.0 memory corruption
| [40998] Microsoft Publisher 2000/2002/2003 memory corruption
| [40994] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
| [40987] Microsoft Windows 2000 denial of service
| [40736] Microsoft ActiveX 2.0 ActiveX Control privilege escalation
| [3552] Microsoft Excel 2000/2002/2003 File memory corruption
| [40242] Microsoft Publisher 2000/2002/2003/2007 Crash denial of service
| [40020] Microsoft Office 2007 ZIP Container unknown vulnerability
| [39769] Microsoft Windows 2000 cryptgenrandom weak encryption
| [39749] Microsoft Windows 2000 msjet40.dll memory corruption
| [39655] Microsoft Windows Server 2003 spoofing
| [39324] Microsoft Windows Mobile 2005 SMS unknown vulnerability
| [3373] Microsoft Word 2000/2002 memory corruption
| [38999] Microsoft Windows Server 2003 explorer.exe denial of service
| [38899] Microsoft ISA Server 2004 information disclosure
| [38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption
| [38326] Microsoft Windows 2000 attemptwrite memory corruption
| [3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
| [3223] Microsoft Windows XP/Server 2003 URI Eingabeung\xC3\xBCltigkeit
| [3212] Microsoft DirectX February 2006 RLE Compression Targa Files Heap-based memory corruption
| [37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption
| [37738] Microsoft Office 2002/2003 memory corruption
| [3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
| [3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
| [3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
| [3172] Microsoft Office Publisher 2007 Pointer memory corruption
| [37566] Microsoft Excel 2003 unknown vulnerability
| [37526] Microsoft Windows 2000/Server 2003 denial of service
| [37248] Microsoft Visio 2002 Packaging memory corruption
| [37251] Microsoft Windows 2000 memory corruption
| [3119] Microsoft Visio 2002 Object memory corruption
| [3118] Microsoft Visio 2002 Data memory corruption
| [37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
| [37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption
| [36628] Microsoft Word 2000/2002/2003/2004 winword.exe memory corruption
| [36616] Microsoft Works 2004/2005/2006 memory corruption
| [36621] Microsoft Exchange Server 2000 Integer denial of service
| [36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
| [36619] Microsoft Exchange Server 2000/2003/2007 memory corruption
| [36618] Microsoft Exchange Server 2000 NULL Pointer Dereference denial of service
| [36617] Microsoft Excel 2000/2002/2003/2004 memory corruption
| [36623] Microsoft BizTalk Server 2004 ActiveX Control capicom.dll memory corruption
| [3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object memory corruption
| [3065] Microsoft Excel 2000/2002/2003/2007 Filter Stack-based memory corruption
| [3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
| [3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record Stack-based memory corruption
| [3012] Microsoft Windows 2000/Server 2003 DNS Service Stack-based memory corruption
| [36039] Microsoft Content Management Server 2001 memory corruption
| [36052] Microsoft Windows 2000 Heap-based memory corruption
| [36051] Microsoft Word 2007 file798-1.doc memory corruption
| [36050] Microsoft Word 2007 file789-1.doc memory corruption
| [36040] Microsoft Content Management Server 2001 cross site scripting
| [3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
| [36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting
| [2990] Microsoft Windows 2000/XP/Vista Animated Cursor Stack-based memory corruption
| [36515] Microsoft Windows 2000/XP/Server 2003 memory corruption
| [35846] Microsoft Windows 2000/Server 2003 Default Configuration information disclosure
| [35373] Microsoft Excel 2003 denial of service
| [35372] Microsoft Office 2003 denial of service
| [35206] Microsoft Windows XP/Server 2003 Crash denial of service
| [35161] Microsoft ISA Server 2004 unknown vulnerability
| [35236] Microsoft Publisher 2007 memory corruption
| [2939] Microsoft Word 2000 memory corruption
| [34994] Microsoft Windows 2000 OLE Dialog memory corruption
| [34993] Microsoft Office 2000/2003/Xp memory corruption
| [35001] Microsoft Office 2000/2003/2004/Xp memory corruption
| [35000] Microsoft Word 2000/2002/2003 memory corruption
| [2933] Microsoft Windows XP SP2/2000 SP4/Server 2003 SP1 OLE Dialog Stack-based memory corruption
| [2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
| [2884] Microsoft Word 2000/2002/2003 memory corruption
| [34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet Heap-based memory corruption
| [34320] Microsoft Office 2000/2003/2004/Xp memory corruption
| [34319] Microsoft Office 2000/2003/2004/Xp memory corruption
| [34318] Microsoft Office 2000/2003/2004/Xp memory corruption
| [34322] Microsoft Office 2000/2003/Xp memory corruption
| [2811] Microsoft Windows 2000/XP/Server 2003 VML Vector Markup Language Integer memory corruption
| [2810] Microsoft Outlook 2000/2002/2003 Office Saved Search OSS File memory corruption
| [2809] Microsoft Outlook 2000/2002/2003 Header denial of service
| [2808] Microsoft Outlook 2000/2002/2003 Meeting VEVENT memory corruption
| [2807] Microsoft Excel 2000/2002/2003 XLS File memory corruption
| [34126] Microsoft Office 2003 memory corruption
| [34122] Microsoft Office Web Components 2000 memory corruption
| [2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum() denial of service
| [2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
| [33851] Microsoft Word 2000/2002/2003 12122006-djtest.doc memory corruption
| [2739] Microsoft Windows 2000 Remote Installation Service Fehlende Authentifizierung
| [2738] Microsoft Windows 2000/XP/Server 2003 SNMP memory corruption
| [2737] Microsoft Windows XP/Server 2003 Manifest denial of service
| [33766] Microsoft Word 2000/2002/2003 memory corruption
| [2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
| [2717] Microsoft Windows 2000 Print Spooler Memory Consumption denial of service
| [2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
| [2688] Microsoft Windows 2000/XP/Server 2003 Client Service for Netware denial of service
| [2687] Microsoft Windows 2000/XP/Server 2003 Agent ActiveX ACF File Heap-based memory corruption
| [2686] Microsoft Windows 2000/XP/Server 2003 Client Service for Netware memory corruption
| [2684] Microsoft Windows 2000/XP Workstation Service Stack-based memory corruption
| [2659] Microsoft Windows 2000/XP GDI Crash Designfehler
| [2655] Microsoft Windows 2000/XP/Server 2003 XML Core Services Designfehler
| [33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption
| [2610] Microsoft PowerPoint 2003 PPT Document NULL Pointer Dereference denial of service
| [32693] Microsoft Word 2004 memory corruption
| [32686] Microsoft Office 2000/2001/2003/2004 Integer memory corruption
| [32690] Microsoft Office 2000/2003/2004/Xp memory corruption
| [32676] Microsoft Office 2000/2001/2003/2004 memory corruption
| [32675] Microsoft Office 2000/2003/2004/Xp memory corruption
| [32694] Microsoft Windows 2000 memory corruption
| [32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
| [32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
| [32687] Microsoft Word 2000/2002 memory corruption
| [32685] Microsoft Office 2000/2001/2003/2004 memory corruption
| [2601] Microsoft Windows XP/Server 2003 IPv6 Stack denial of service
| [2600] Microsoft Windows XP/Server 2003 IPv6 Stack TCP denial of service
| [2599] Microsoft Windows XP/Server 2003 IPv6 Stack ICMP denial of service
| [2598] Microsoft Windows XP/Server 2003 Object Packager Designfehler
| [2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
| [2596] Microsoft Office 2000/2003/2004/Xp Value Read memory corruption
| [2595] Microsoft Office 2000/2001/2003/2004 Diagram Value memory corruption
| [2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
| [2593] Microsoft ASP.NET 2.0 cross site scripting
| [2571] Microsoft PowerPoint up to 2003 Document memory corruption
| [2554] Microsoft PowerPoint 2000 memory corruption
| [2522] Microsoft Windows 2000/XP/Server 2003 Indexing Service cross site scripting
| [2521] Microsoft Publisher 2000/2002/2003 PUB File Stack-based memory corruption
| [2508] Microsoft Word 2000 memory corruption
| [2478] Microsoft Internet Explorer up to 6 on Win 2000 HTTP 1.1 Compression Heap-based memory corruption
| [31692] Microsoft PowerPoint 2000/2001/2002/2003 memory corruption
| [2436] Microsoft Windows 2000/XP/Server 2003 Kernel memory corruption
| [2435] Microsoft Windows 2000/XP/Server 2003 Exception memory corruption
| [2434] Microsoft Windows 2000/XP/Server 2003 Winlogon race condition
| [2433] Microsoft Windows 2000 Management Console cross site scripting
| [2432] Microsoft Windows 2000/XP/Server 2003 DNS Resolver Heap-based memory corruption
| [2431] Microsoft Windows 2000/XP/Server 2003 Winsock API memory corruption
| [2430] Microsoft Windows 2000/XP/Server 2003 RPC ELV memory corruption
| [2426] Microsoft Windows 2000/XP/Server 2003 WMF File gdi32.dll denial of service
| [2415] Microsoft Windows 2000/XP/Server 2003 SMB File srv.sys denial of service
| [31527] Microsoft Internet Explorer 6.0 on Win 2000 ActiveX Object Stack-Based denial of service
| [31358] Microsoft PowerPoint 2003 powerpnt.exe denial of service
| [31354] Microsoft PowerPoint 2003 memory corruption
| [31351] Microsoft ISA Server 2004 Filters unknown vulnerability
| [2382] Microsoft PowerPoint up to 2003 Presentation Open/Close memory corruption
| [2378] Microsoft PowerPoint 2000/2002/2003 Document Parser memory corruption
| [31318] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
| [31317] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
| [31316] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
| [31313] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
| [31312] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
| [31311] Microsoft Excel 2000/2002/2003/XP memory corruption
| [31310] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
| [31237] Microsoft Office 2000/2003/Xp memory corruption
| [31235] Microsoft Office 2000/2003/Xp memory corruption
| [2371] Microsoft NET Framework up to 2.0 URL Validator unknown vulnerability
| [2370] Microsoft Windows 2000/XP/Server 2003 Server Protocol Driver Server Message Block Heap-based memory corruption
| [2369] Microsoft Windows 2000/XP/Server 2003 Server Service Mailslot Heap-based memory corruption
| [2367] Microsoft Office 2000/2003/XP Document String memory corruption
| [2366] Microsoft Windows 2000/XP/Server 2003 DHCP Client memory corruption
| [2365] Microsoft Office 2000/2003/XP PNG Image memory corruption
| [2364] Microsoft Office 2000/2003/XP GIF Image memory corruption
| [31233] Microsoft Office 2000/2003/Xp mso.dll lscreateline memory corruption
| [31238] Microsoft Internet Explorer 6.0 on Win 2000 Crash denial of service
| [2357] Microsoft Excel up to 2003 on Asian System Document Repair Style memory corruption
| [31133] Microsoft Windows XP/Server 2003 explorer.exe memory corruption
| [2325] Microsoft Excel up to 2003 Hyperlink hlink.dll Long Hyperlink memory corruption
| [2324] Microsoft Excel 2000/2002/2003/2004 XLS File memory corruption
| [30801] Microsoft Windows up to 2000 Connection Manager Stack-based memory corruption
| [2312] Microsoft Exchange 2000 Outlook Web Access cross site scripting
| [2311] Microsoft Windows 2000/XP/Server 2003 MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk memory corruption
| [2310] Microsoft Windows 2000 RPC spoofing
| [2309] Microsoft Windows 2000/XP/Server 2003 Routing and Remote Access Service RPC Request memory corruption
| [2308] Microsoft PowerPoint 2000/2002/2003/2004 PPT Document memory corruption
| [2307] Microsoft Windows 2000/XP/Server 2003 JScript Object memory corruption
| [2306] Microsoft Windows 2000/XP/Server 2003 IP Source Routing memory corruption
| [2305] Microsoft Windows XP/Server 2003 ART Image Heap-based memory corruption
| [2294] Microsoft Word up to 2003 DOC Document Backdoor Designfehler
| [2275] Microsoft Windows XP/Server 2003 mhtml URI inetcomm.dll memory corruption
| [2253] Microsoft Word up to 2003 Backdoor memory corruption
| [2221] Microsoft Windows 2000/XP CHM Archive itss.dll memory corruption
| [30131] Microsoft Windows NT 4.0/XP/2000/Server 2003 Distributed Transaction Coordinator Crash denial of service
| [2218] Microsoft Windows 2000/XP/Server 2003 MSDTC Heap-based denial of service
| [2217] Microsoft Exchange 2000/2003 Calender Collaboration Data Object memory corruption
| [2190] Microsoft Office 2003 mailto URI unknown vulnerability
| [2147] Microsoft Windows 2000/XP/Server 2003 COM Object memory corruption
| [2135] Microsoft FrontPage Server Extensions 2002 cross site scripting
| [29524] Microsoft ISA Server 2004 unknown vulnerability
| [134750] Microsoft ASP.NET Core 2.1/2.2 denial of service
| [134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [134744] Microsoft Windows up to Server 2019 GDI information disclosure
| [134743] Microsoft SharePoint Server 2013 SP1/2016 cross site scripting
| [134742] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
| [134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
| [134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 cross site scripting
| [134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [134737] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [134736] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
| [134735] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [134734] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
| [134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
| [134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2879| [134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2880| [134715] Microsoft Windows up to Server 2019 Win32k memory corruption
2881| [134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2882| [134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2883| [134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2884| [134710] Microsoft Windows up to Server 2019 GDI information disclosure
2885| [134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
2886| [134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
2887| [134704] Microsoft SQL Server 2017 Analysis Services information disclosure
2888| [134701] Microsoft Windows up to Server 2019 Windows Defender Application Control privilege escalation
2889| [134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
2890| [134699] Microsoft Windows up to Server 2019 NDIS ndis.sys memory corruption
2891| [134698] Microsoft Windows up to Server 2019 OLE memory corruption
2892| [134697] Microsoft Office/Word 2016/2019/365 ProPlus memory corruption
2893| [134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
2894| [134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
2895| [133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2896| [133235] Microsoft Azure DevOps Server 2019 privilege escalation
2897| [133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2898| [133232] Microsoft Azure DevOps Server 2019 cross site scripting
2899| [133229] Microsoft Azure DevOps Server 2019 cross site scripting
2900| [133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
2901| [133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation
2902| [133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
2903| [133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2904| [133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
2905| [133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
2906| [133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2907| [133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2908| [133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
2909| [133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
2910| [133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
2911| [133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
2912| [133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
2913| [133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
2914| [133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
2915| [133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
2916| [133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
2917| [133204] Microsoft Office/Excel up to 2019 memory corruption
2918| [133203] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
2919| [133202] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
2920| [133201] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
2921| [133200] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
2922| [133199] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
2923| [133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access cross site scripting
2924| [133197] Microsoft ASP.NET Core 2.2 Request denial of service
2925| [133196] Microsoft Windows up to Server 2019 Win32k information disclosure
2926| [133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
2927| [133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
2928| [133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
2929| [133192] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
2930| [133189] Microsoft Windows up to Server 2019 CSRSS memory corruption
2931| [133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
2932| [133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
2933| [133186] Microsoft Windows up to Server 2019 TCP/IP Stack Fragmented IP Packet information disclosure
2934| [133185] Microsoft Windows up to Server 2019 Win32k memory corruption
2935| [133184] Microsoft Office 2016 for Mac/2019/365 ProPlus Graphics Component memory corruption
2936| [133183] Microsoft Windows up to Server 2019 Win32k memory corruption
2937| [133182] Microsoft Windows up to Server 2019 Win32k memory corruption
2938| [133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Document Code Execution
2939| [133180] Microsoft Windows up to Server 2019 MS XML Code Execution
2940| [133179] Microsoft Windows up to Server 2019 MS XML Code Execution
2941| [133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys privilege escalation
2942| [133174] Microsoft Windows up to Server 2019 GDI+ privilege escalation
2943| [133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
2944| [133166] Microsoft Windows up to Server 2019 MS XML Code Execution
2945| [133165] Microsoft Windows up to Server 2019 MS XML Code Execution
2946| [133164] Microsoft Windows up to Server 2019 MS XML Code Execution
2947| [133163] Microsoft Windows up to Server 2019 MS XML Code Execution
2948| [133162] Microsoft Windows up to Server 2019 MS XML Code Execution
2949| [131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
2950| [131685] Microsoft Windows up to Server 2019 SMB information disclosure
2951| [131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
2952| [131681] Microsoft Windows up to Server 2019 Win32k memory corruption
2953| [131679] Microsoft Windows up to Server 2019 Kernel information disclosure
2954| [131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
2955| [131674] Microsoft Windows up to Server 2019 Win32k information disclosure
2956| [131673] Microsoft Windows up to Server 2019 Kernel information disclosure
2957| [131672] Microsoft Windows up to Server 2019 GDI information disclosure
2958| [131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
2959| [131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
2960| [131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
2961| [131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
2962| [131658] Microsoft Windows up to Server 2019 information disclosure
2963| [131657] Microsoft Windows up to Server 2019 denial of service
2964| [131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
2965| [131653] Microsoft Windows up to Server 2019 SMB information disclosure
2966| [131652] Microsoft Windows up to Server 2019 SMB information disclosure
2967| [131651] Microsoft Windows up to Server 2019 Kernel information disclosure
2968| [131650] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 Hyper-V denial of service
2969| [131649] Microsoft Windows up to Server 2019 Kernel memory corruption
2970| [131648] Microsoft Windows up to Server 2019 Hyper-V denial of service
2971| [131644] Microsoft Windows up to Server 2019 Hyper-V denial of service
2972| [131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
2973| [131632] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DHCP Client memory corruption
2974| [131631] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DHCP Client memory corruption
2975| [131630] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DHCP Client memory corruption
2976| [131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
2977| [131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
2978| [131619] Microsoft Windows up to Server 2019 MS XML privilege escalation
2979| [131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
2980| [131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
2981| [131330] Microsoft Exchange Server 2010 SP3 UR26/2013 CU22/2016 CU12/2019 CU1 privilege escalation
2982| [131329] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016 information disclosure
2983| [131328] Microsoft Windows up to Server 2016 Kernel information disclosure
2984| [130832] Microsoft 2013 SP1 spoofing
2985| [130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
2986| [130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
2987| [130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
2988| [130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
2989| [130823] Microsoft Office up to 2019 Connectivity Engine privilege escalation
2990| [130822] Microsoft Office up to 2019 Connectivity Engine privilege escalation
2991| [130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
2992| [130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
2993| [130818] Microsoft Windows up to Server 2019 GDI information disclosure
2994| [130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
2995| [130814] Microsoft Windows up to Server 2019 privilege escalation
2996| [130809] Microsoft Windows up to Server 2019 Defender Firewall Security privilege escalation
2997| [130808] Microsoft Windows up to Server 2019 information disclosure
2998| [130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
2999| [130806] Microsoft Windows up to Server 2019 SMB privilege escalation
3000| [130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
3001| [130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
3002| [130803] Microsoft Windows up to Server 2019 SMB privilege escalation
3003| [130802] Microsoft Windows up to Server 2019 Win32k information disclosure
3004| [130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
3005| [130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3006| [130799] Microsoft Windows up to Server 2016 Win32k memory corruption
3007| [130798] Microsoft Windows up to Server 2019 GDI information disclosure
3008| [130797] Microsoft Windows up to Server 2019 GDI information disclosure
3009| [130796] Microsoft Windows up to Server 2019 GDI information disclosure
3010| [130793] Microsoft Windows up to Server 2019 GDI information disclosure
3011| [130792] Microsoft Windows up to Server 2019 HID information disclosure
3012| [130791] Microsoft Windows up to Server 2019 HID information disclosure
3013| [130790] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
3014| [130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3015| [130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3016| [130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3017| [130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3018| [130785] Microsoft Office 2010 SP2/2013 SP1/2016/2019/365 ProPlus Security Feature Phishing spoofing
3019| [130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
3020| [130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
3021| [130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
3022| [129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
3023| [129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
3024| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
3025| [128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct privilege escalation
3026| [128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
3027| [128762] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus Word memory corruption
3028| [128761] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3029| [128760] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3030| [128759] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3031| [128758] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3032| [128757] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3033| [128756] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3034| [128755] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3035| [128754] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3036| [128753] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3037| [128752] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3038| [128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
3039| [128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
3040| [128749] Microsoft Windows up to Server 2019 Kernel information disclosure
3041| [128747] Microsoft ASP.NET Core 2.1 Web Request denial of service
3042| [128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
3043| [128745] Microsoft Office up to 2019 Word Macro information disclosure
3044| [128744] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus information disclosure
3045| [128743] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus information disclosure
3046| [128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
3047| [128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
3048| [128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
3049| [128739] Microsoft Windows up to Server 2019 Kernel information disclosure
3050| [128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
3051| [128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
3052| [128736] Microsoft Windows up to Server 2019 Kernel information disclosure
3053| [128735] Microsoft ASP.NET Core 2.1/2.2 Web Request denial of service
3054| [128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
3055| [128732] Microsoft Office 2010 SP2/2013 SP1/2016/2019/365 ProPlus MSHTML Engine privilege escalation
3056| [128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
3057| [128728] Microsoft Windows up to Server 2019 Kernel information disclosure
3058| [128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
3059| [128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
3060| [128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
3061| [128718] Microsoft Windows up to Server 2019 Hyper-V memory corruption
3062| [128717] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 Hyper-V memory corruption
3063| [127925] Microsoft SharePoint Enterprise Server 2016 Web Request cross site scripting
3064| [127882] Microsoft Dynamics NAV 2016/2017 Web Request cross site scripting
3065| [127881] Microsoft Windows 10 1809/Server 2019 Object denial of service
3066| [127880] Microsoft Windows up to Server 2019 Win32k Object memory corruption
3067| [127828] Microsoft Windows up to Server 2019 Win32k memory corruption
3068| [127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
3069| [127826] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 Win32k ASLR privilege escalation
3070| [127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
3071| [127824] Microsoft Excel up to 2019 Out-of-Bounds memory corruption
3072| [127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
3073| [127821] Microsoft Windows up to Server 2019 Connected User Experiences and Telemetry Service denial of service
3074| [127820] Microsoft Windows up to Server 2019 Kernel memory corruption
3075| [127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data privilege escalation
3076| [127817] Microsoft Excel up to 2019 information disclosure
3077| [127816] Microsoft Windows up to Server 2019 GDI information disclosure
3078| [127815] Microsoft Windows up to Server 2019 GDI information disclosure
3079| [127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search cross site request forgery
3080| [127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
3081| [127809] Microsoft PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus memory corruption
3082| [127806] Microsoft Outlook up to 2019 memory corruption
3083| [127805] Microsoft Excel up to 2019 memory corruption
3084| [127804] Microsoft Excel up to 2019 memory corruption
3085| [127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
3086| [127801] Microsoft Windows up to Server 2019 DNS Server privilege escalation
3087| [126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 Code Execution
3088| [126755] Microsoft .NET Core 2.1 privilege escalation
3089| [126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji denial of service
3090| [126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
3091| [126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
3092| [126748] Microsoft Office 2019/365 ProPlus Outlook Message information disclosure
3093| [126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
3094| [126746] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
3095| [126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
3096| [126744] Microsoft Office up to 2019 Word memory corruption
3097| [126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
3098| [126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
3099| [126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
3100| [126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
3101| [126736] Microsoft Windows up to Server 2019 Win32k memory corruption
3102| [126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
3103| [126734] Microsoft Office 2019/365 ProPlus information disclosure
3104| [126733] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DirectX memory corruption
3105| [126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
3106| [126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
3107| [126727] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
3108| [126726] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
3109| [126725] Microsoft Windows up to Server 2019 DirectX memory corruption
3110| [126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
3111| [126718] Microsoft Windows up to Server 2016 Search memory corruption
3112| [126717] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016/2019 memory corruption
3113| [126716] Microsoft Office up to 2019 Excel memory corruption
3114| [126715] Microsoft Office 2016/2019/365 ProPlus Excel memory corruption
3115| [126714] Microsoft Windows up to Server 2019 PowerShell unknown vulnerability
3116| [126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
3117| [126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
3118| [126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
3119| [125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
3120| [125122] Microsoft Windows up to Server 2016 TCP/IP information disclosure
3121| [125121] Microsoft Windows up to Server 2019 DirectX memory corruption
3122| [125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
3123| [125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
3124| [125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
3125| [125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
3126| [125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
3127| [125113] Microsoft Windows up to Server 2019 Kernel memory corruption
3128| [125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy privilege escalation
3129| [125110] Microsoft Windows up to Server 2019 DNS Global Blocklist privilege escalation
3130| [125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
3131| [125108] Microsoft Windows up to Server 2019 Filter Manager memory corruption
3132| [125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
3133| [125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
3134| [125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
3135| [125104] Microsoft SharePoint Enterprise Server 2016 cross site scripting
3136| [125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
3137| [125100] Microsoft Office/Powerpoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
3138| [125099] Microsoft Office/Excel up to 2019 Protected View memory corruption
3139| [125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3140| [125097] Microsoft Windows up to Server 2019 DirectX Graphics memory corruption
3141| [125096] Microsoft Windows up to Server 2019 Win32k memory corruption
3142| [125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access cross site scripting
3143| [125093] Microsoft Windows up to Server 2019 Hyper-V memory corruption
3144| [125092] Microsoft Windows up to Server 2019 Hyper-V memory corruption
3145| [125091] Microsoft Windows up to Server 2019 MS XML privilege escalation
3146| [124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx Parameter Server-Side Request Forgery
3147| [124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls Server-Side Request Forgery
3148| [123995] Microsoft Lync 2011 on Mac Security Feature Messages Download privilege escalation
3149| [123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
3150| [123874] Microsoft Windows up to Server 2016 Kernel information disclosure
3151| [123872] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 SMB information disclosure
3152| [123868] Microsoft Windows up to Server 2016 Hyper-V denial of service
3153| [123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
3154| [123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2013 RT SP1/2016 cross site scripting
3155| [123861] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R information disclosure
3156| [123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
3157| [123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
3158| [123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
3159| [123849] Microsoft Windows up to Server 2016 SMB denial of service
3160| [123846] Microsoft Office 2016 on Win/Mac memory corruption
3161| [123844] Microsoft Word 2013 SP1/2013 RT SP1/2016 PDF File memory corruption
3162| [123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
3163| [123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
3164| [123830] Microsoft Windows up to Server 2016 Hyper-V memory corruption
3165| [123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
3166| [123827] Microsoft Windows up to Server 2016 Image memory corruption
3167| [123825] Microsoft Windows up to Server 2016 MSXML Parser privilege escalation
3168| [123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
3169| [122887] Microsoft Office 2016 on Mac AutoUpdate memory corruption
3170| [122886] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
3171| [122885] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
3172| [122884] Microsoft Windows up to Server 2016 Win32k memory corruption
3173| [122883] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
3174| [122875] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R information disclosure
3175| [122874] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
3176| [122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
3177| [122872] Microsoft SharePoint Enterprise Server 2013 SP1/2016 information disclosure
3178| [122871] Microsoft PowerPoint 2010 SP2 memory corruption
3179| [122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
3180| [122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
3181| [122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
3182| [122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
3183| [122848] Microsoft Windows Security Feature 2FA weak authentication
3184| [122834] Microsoft Windows up to Server 2016 LNK memory corruption
3185| [122825] Microsoft Windows up to Server 2016 Graphics memory corruption
3186| [122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
3187| [121208] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R Attachment privilege escalation
3188| [121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
3189| [121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
3190| [121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
3191| [121111] Microsoft Windows up to Server 2016 Kernel memory corruption
3192| [121110] Microsoft Windows up to Server 2016 Wordpad privilege escalation
3193| [121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll denial of service
3194| [121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
3195| [121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
3196| [121098] Microsoft Office 2016/2016 C2R memory corruption
3197| [121092] Microsoft Windows up to Server 2016 FTP Server denial of service
3198| [121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
3199| [119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
3200| [119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
3201| [119476] Microsoft Publisher 2010 SP2 OLE Object PUB File privilege escalation
3202| [119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
| [119474] Microsoft Windows up to Server 2016 GDI information disclosure
| [119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys denial of service
| [119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
| [119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119459] Microsoft Windows up to Server 2016 memory corruption
| [119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
| [119456] Microsoft Windows up to Server 2016 Kernel information disclosure
| [119455] Microsoft Windows up to Server 2016 denial of service
| [119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119452] Microsoft Windows up to Server 2016 HIDParser memory corruption
| [119448] Microsoft Windows up to Server 2016 Code Integrity Module denial of service
| [119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
| [119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
| [119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys memory corruption
| [119436] Microsoft Windows up to Server 2016 memory corruption
| [119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [118120] Microsoft Office 2016 on Mac XML Data Code Execution
| [117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 Web Request cross site scripting
| [117560] Microsoft Exchange Server up to 2016 CU9 Code Execution memory corruption
| [117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access Web Request cross site scripting
| [117558] Microsoft Windows up to Server 2016 Code Execution memory corruption
| [117507] Microsoft Infopath 2013 SP1 memory corruption
| [117505] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R information disclosure
| [117504] Microsoft Office 2010 SP2 information disclosure
| [117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
| [117498] Microsoft Office 2016 C2R Security Feature privilege escalation
| [117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
| [117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
| [117473] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [117472] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [117471] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [117470] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [117469] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [117468] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [117444] Microsoft Windows up to Server 2016 Hyper-V vSMB memory corruption
| [117443] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [116132] Microsoft Office 2016 Memory information disclosure
| [116051] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 cross site scripting
| [116049] Microsoft SharePoint Enterprise Server 2013/2016 privilege escalation
| [116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem memory corruption
| [116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll memory corruption
| [116046] Microsoft SharePoint Enterprise Server 2013/2016 Share cross site scripting
| [116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol denial of service
| [116031] Microsoft Windows up to Server 2016 Kernel ASLR information disclosure
| [116030] Microsoft Windows up to Server 2016 SNMP Service denial of service
| [116026] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116024] Microsoft Windows up to Server 2016 HTTP.sys denial of service
| [116023] Microsoft Office up to 2016 C2R information disclosure
| [116022] Microsoft Excel 2010 SP2 memory corruption
| [116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 2016/Server 1709 Active Directory privilege escalation
| [116019] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116018] Microsoft Office 2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [116017] Microsoft Excel up to 2016 C2R memory corruption
| [116016] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 Graphics memory corruption
| [116014] Microsoft Office 2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
| [116008] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116007] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116006] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116005] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116004] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [115804] Microsoft Windows up to Server 2016 Malware Protection Engine privilege escalation
| [114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
| [114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
| [114573] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
| [114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake privilege escalation
| [114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 2016/Server 1709 Kernel information disclosure
| [114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [114562] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114560] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114559] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114558] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114557] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114556] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114555] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114554] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114553] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114552] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114551] Microsoft Excel up to 2016 C2R Security Feature privilege escalation
| [114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
| [114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys privilege escalation
| [114547] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114546] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114545] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114544] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114543] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114542] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114541] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114540] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114536] Microsoft Windows up to Server 2016 CredSSP privilege escalation
| [114535] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
| [114530] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114529] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114527] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114526] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114525] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
| [114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
| [114520] Microsoft Windows 10/Server 2016/Server 1709 Desktop Bridge privilege escalation
| [114518] Microsoft Windows up to Server 2016 Remote Assistance information disclosure
| [114517] Microsoft Windows 10/Server 2016/Server 1709 Desktop Bridge VFS privilege escalation
| [114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
| [113835] Microsoft Identity Manager 2016 SP1 cross site scripting
| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
| [113260] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113259] Microsoft Windows 10/Server 2016/Server 1709 NTFS privilege escalation
| [113254] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113253] Microsoft Windows 10/Server 2016/Server 1709 Kernel memory corruption
| [113252] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113250] Microsoft Windows 10/Server 2016/Server 1709 Kernel memory corruption
| [113249] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113248] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
| [113242] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113241] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113240] Microsoft Windows 10/Server 2016/Server 1709 AppContainer privilege escalation
| [113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [113233] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 Uninitialized Memory information disclosure
| [113232] Microsoft Excel 2016 memory corruption
| [113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
| [113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
| [111580] Microsoft Office 2016 on Mac Email Attachment spoofing
| [111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
| [111567] Microsoft Office 2010/2013/2016 memory corruption
| [111564] Microsoft Word 2016 memory corruption
| [111562] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [111561] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [111358] Microsoft Windows up to Server 2016 IPsec denial of service
| [110553] Microsoft Office 2016 C2R information disclosure
| [110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
| [110551] Microsoft Excel 2016 C2R memory corruption
| [110550] Microsoft PowerPoint 2013 SP1/2013 RT SP1/2016 information disclosure
| [110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
| [110547] Microsoft Windows up to Server 2016 its:// Protocol information disclosure
| [110531] Microsoft Windows 10/Server 2016 Device Guard privilege escalation
| [110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
| [110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
| [109389] Microsoft Excel 2016 Click-to-Run memory corruption
| [109360] Microsoft Windows up to Server 2016 Windows Search denial of service
| [107759] Microsoft Windows up to Server 2016 SMB denial of service
| [107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107753] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
| [107740] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107739] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107738] Microsoft Windows up to Server 2016 Search information disclosure
| [107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107732] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 Bypass privilege escalation
| [107730] Microsoft Windows up to Server 2016 Search Remote memory corruption
| [107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107724] Microsoft Windows up to Server 2016 Text Services Framework memory corruption
| [107723] Microsoft Windows up to Server 2016 SMB information disclosure
| [107698] Microsoft Office 2016 memory corruption
| [107593] InFocus Mondopad 2.2.08 Excel Spreadsheet Microsoft Office Document Credentials information disclosure
| [106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [106529] Microsoft PowerPoint 2016 memory corruption
| [106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
| [106518] Microsoft Edge on Win10/Server 2016 memory corruption
| [106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
| [106498] Microsoft Windows up to Server 2016 Shell privilege escalation
| [106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
| [106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
| [106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
| [106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow memory corruption
| [106474] Microsoft Office 2016 memory corruption
| [106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
| [106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne spoofing
| [106470] Microsoft Excel 2011 on Mac memory corruption
| [106455] Microsoft Exchange Server 2013/2016 information disclosure
| [106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition memory corruption
| [105048] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105047] Microsoft Edge on Win10/Server 2016 Scripting Engine EntryCall memory corruption
| [105046] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105040] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105038] Microsoft Edge on Win10/Server 2016 Javascript Engine Out-of-Bounds memory corruption
| [105037] Microsoft Edge on Win10/Server 2016 Javascript Engine PreVisitCatch memory corruption
| [105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
| [105033] Microsoft Edge 38.14393.1066.0 on Win10/Server 2016 Use-After-Free information disclosure
| [105029] Microsoft Edge on Win10/Server 2016 Javascript Engine ProcessLinkFailedAsmJsModule memory corruption
| [105027] Microsoft Edge on Win10/Server 2016 _SelectValueInternal information disclosure
| [105024] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105023] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105017] Microsoft Windows up to Server 2016 Error Reporting information disclosure
| [105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V denial of service
| [105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
| [105010] Microsoft Windows up to Server 2016 Win32k memory corruption
| [105009] Microsoft Windows up to Server 2016 Input Method Editor memory corruption
| [105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
| [104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [104989] Microsoft Windows up to Server 2016 NetBIOS denial of service
| [104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
| [104583] Microsoft Outlook up to 2016 C2R Email memory corruption
| [104582] Microsoft Outlook up to 2016 C2R Object memory corruption
| [103468] Microsoft Exchange Server 2010 SP3/2013 SP3/2013 CU16/2016 CU5 Open Redirect
| [103446] Microsoft Windows up to Server 2016 Search Object privilege escalation
| [103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
| [103444] Microsoft Windows up to Server 2016 Explorer denial of service
| [103442] Microsoft Windows 10/Server 2016 HoloLens WiFi Packet privilege escalation
| [103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
| [103431] Microsoft Windows up to Server 2016 PowerShell PSObject Object privilege escalation
| [103429] Microsoft Windows up to Server 2016 Kerberos weak authentication
| [103426] Microsoft Exchange Server 2010 SP3/2013 SP3/2013 CU16/2016 CU5 OWA Request cross site scripting
| [103425] Microsoft Exchange Server 2010 SP3/2013 SP3/2013 CU16/2016 CU5 OWA Request cross site scripting
| [103420] Microsoft Windows up to Server 2016 Kerberos Bypass privilege escalation
| [103417] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
| [102544] Microsoft Edge on Win10/Server 2016 Fetch API information disclosure
| [102543] Microsoft Edge on Win10/Server 2016 Javascript XML DOM Object information disclosure
| [102463] Microsoft Project Server 2013 SP1 cross site scripting
| [102460] Microsoft Outlook 2016 on Mac HTML spoofing
| [102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
| [102446] Microsoft Office up to 2016 privilege escalation
| [102445] Microsoft Office 2010 SP2/2011/2013 SP1/2013 RT SP1/2016 privilege escalation
| [102443] Microsoft Office up to 2016 privilege escalation
| [102412] Microsoft Windows up to Server 2016 PDF information disclosure
| [102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
| [102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
| [102386] Microsoft Windows up to Server 2012 R2 Uniscribe privilege escalation
| [102385] Microsoft Windows up to Server 2016 Font Library privilege escalation
| [102376] Microsoft Windows up to Server 2016 CAB File privilege escalation
| [102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
| [102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
| [102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords memory corruption
| [101817] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
| [101815] Microsoft Windows up to Server 2016 Malware Protection Engine Use-After-Free memory corruption
| [101814] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [101812] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101811] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101810] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
| [101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [101019] Microsoft Skype for Business 2016 memory corruption
| [101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 memory corruption
| [101016] Microsoft PowerPoint 2011 on Mac memory corruption
| [101015] Microsoft PowerPoint 2011 on Mac memory corruption
| [101014] Microsoft Office 2010 SP2/2016 memory corruption
| [101013] Microsoft Office 2010 SP2/2016 memory corruption
| [101002] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [101001] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [101000] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [100999] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
| [99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
| [99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory Lockout privilege escalation
| [99682] Microsoft Outlook 2011 on Mac HTML Tag Validator spoofing
| [99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
| [99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive denial of service
| [98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
| [98096] Microsoft Exchange 2013 SP1 privilege escalation
| [98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
| [98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
| [98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
| [98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
| [98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
| [98089] Microsoft Office Web Apps 2013 SP1 memory corruption
| [98082] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 denial of service
| [98081] Microsoft Excel up to 2016 information disclosure
| [98080] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
| [98079] Microsoft Word 2016 memory corruption
| [98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component privilege escalation
| [98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
| [98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
| [98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component information disclosure
| [98069] Microsoft Windows up to Server 2012 R2 Color Management memory corruption
| [98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
| [98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 NULL Pointer Dereference memory corruption
| [98017] Microsoft Windows up to Server 2016 PDF memory corruption
| [98015] Microsoft Windows 10/Server 2016 Hyper-V denial of service
| [98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
| [98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch denial of service
| [98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
| [95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
| [95125] Microsoft Word/SharePoint Enterprise Server 2016 Document privilege escalation
| [94451] Microsoft Office 2011 memory corruption
| [94447] Microsoft Office 2010 SP2 memory corruption
| [94446] Microsoft Office 2016 memory corruption
| [94444] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 OLE DLL Loader memory corruption
| [94443] Microsoft Office up to 2016 information disclosure
| [94442] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 privilege escalation
| [93964] Microsoft Windows 7 Excel Starter 2010 XXE information disclosure
| [93543] Microsoft SQL Server 2016 FILESTREAM Path privilege escalation
| [93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
| [93416] Microsoft SQL Server up to 2012 SP3/2014 SP2/2016 Server Agent atxcore.dll privilege escalation
| [93415] Microsoft SQL Server 2016 MDS API cross site scripting
| [93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
| [93413] Microsoft SQL Server up to 2014 SP2/2016 RDBMS Engine privilege escalation
| [93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
| [93393] Microsoft Office up to 2016 memory corruption
| [93392] Microsoft Office up to 2016 memory corruption
| [93391] Microsoft Office up to 2016 memory corruption
| [93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
| [93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
| [92587] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
| [92584] Microsoft Office up to 2016 memory corruption
| [91571] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91570] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
| [91555] Microsoft Exchange 2013/2016 Link spoofing
| [91550] Microsoft Office 2016 memory corruption
| [91547] Microsoft Office 2010 memory corruption
| [91543] Microsoft Office up to 2016 memory corruption
| [91541] Microsoft Office 2013/2016 APP-V ASLR privilege escalation
| [90711] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF privilege escalation
| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
| [90704] Microsoft Office 2013/2013 RT/2016 memory corruption
| [89043] Microsoft Office up to 2016 memory corruption
| [89041] Microsoft Office up to 2016 memory corruption
| [89040] Microsoft Office 2010 SP2/2011/2013 SP1/2013 RT SP1/2016 memory corruption
| [89038] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 Security Feature privilege escalation
| [89037] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
| [87961] Microsoft Windows up to Server 2012 R2 Search denial of service
| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
| [87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
| [87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
| [87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server Use-After-Free memory corruption
| [87936] Microsoft Office up to 2016 memory corruption
| [87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
| [87156] Microsoft Windows 8.1/RT 8.1/10/Server 2012 R2 Shell memory corruption
| [87149] Microsoft Office up to 2016 memory corruption
| [87148] Microsoft Office 2010 Graphics memory corruption
| [87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
| [82229] Microsoft Excel 2010 SP2 Office Document memory corruption
| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
| [81274] Microsoft Office up to 2016 memory corruption
| [81270] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
| [81269] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
| [81268] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
| [80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP memory corruption
| [80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service denial of service
| [80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
| [80870] Microsoft Office up to 2016 memory corruption
| [80868] Microsoft Office up to 2016 memory corruption
| [80867] Microsoft Office up to 2016 memory corruption
| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
| [80231] Microsoft Excel up to 2016 Office Document memory corruption
| [80229] Microsoft Exchange Server 2013 SP1/2013 CU 10/2013 CU 11/2016 Outlook Web Access cross site scripting
| [80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [80227] Microsoft Exchange Server 2013 SP1/2013 CU 10/2016 Outlook Web Access cross site scripting
| [80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [80218] Microsoft Office up to 2016 ASLR privilege escalation
| [80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
| [80216] Microsoft Office up to 2016 Office Document memory corruption
| [80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
| [128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
| [79508] Microsoft Windows up to Server 2012 R2 Library Loader memory corruption
| [79500] Microsoft Office 2010/2011/2016 memory corruption
| [79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
| [79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
| [79117] Microsoft Outlook 2011/2016 on Mac HTML spoofing
| [78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
| [77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
| [77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
| [77638] Microsoft Lync Server 2013 cross site scripting
| [77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access Stack-Based information disclosure
| [77050] Microsoft Office up to 2016 memory corruption
| [77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
| [76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
| [76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service memory corruption
| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
| [75793] Microsoft Exchange Server 2013 CU8 cross site scripting
| [75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
| [75791] Microsoft Office 2013 SP1 Office Document Uninitialized Memory memory corruption
| [75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
| [75786] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1 Office Document memory corruption
| [66976] Microsoft Access 2010 VBA Datatype denial of service
| [74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
| [74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
| [74835] Microsoft Office 2011 on Mac Use-After-Free cross site scripting
| [74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
| [74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
| [74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
| [73967] Microsoft Office up to 2013 SP1 Office File memory corruption
| [73966] Microsoft Office up to 2013 SP1 RTF File memory corruption
| [73965] Microsoft Office up to 2013 SP1 Use-After-Free memory corruption
| [73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
| [69162] Microsoft System Center Virtual Machine Manager 2012 privilege escalation
| [69160] Microsoft Windows up to Server 2012 Process privilege escalation
| [69156] Microsoft Office 2010 Object memory corruption
| [68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
| [68417] Microsoft Exchange 2013 Outlook Web Access Token spoofing
| [68191] Microsoft SharePoint 2010 cross site scripting
| [67828] Microsoft ASP.NET MVC 2/3/4/5/5.1 System.Web.Mvc.dll cross site scripting
| [67518] Microsoft Lync 2013 denial of service
| [67517] Microsoft Lync 2013 Script Reflected cross site scripting
| [67516] Microsoft Lync 2010/2013 denial of service
| [67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call privilege escalation
| [67360] Microsoft SharePoint 2013 App Permission Management cross site scripting
| [13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
| [13547] Microsoft Lync 2010/2013 Meeting cross site scripting
| [13228] Microsoft Office 2013 Document privilege escalation
| [68577] Microsoft ASP.NET 2014.3.1209 Telerik UI RadAsyncUpload directory traversal
3630| [12267] Microsoft Forefront Security for Exchange Server 2010 Mail memory corruption
3631| [12263] Microsoft Windows up to Server 2012 Direct2D 2D Geometric Figure memory corruption
3632| [12238] Microsoft Windows 8/Server 2012/RT IPv6 denial of service
3633| [12185] Microsoft .NET Framework 2/4 HMAC weak authentication
3634| [12183] Microsoft .NET Framework 2/4 DTD denial of service
3635| [11673] Microsoft Windows Live Movie Maker 2011 WAV File denial of service
3636| [11468] Microsoft Exchange 2010/2013 cross site scripting
3637| [11466] Microsoft Office 2013 File Response information disclosure
3638| [11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
3639| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
3640| [11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
3641| [10250] Microsoft SharePoint Server up to 2013 W3WP Process denial of service
3642| [10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow memory corruption
3643| [10248] Microsoft SharePoint Server up to 2013 cross site scripting
3644| [9943] Microsoft Windows Server 2012 NAT Driver ICMP Packet denial of service
3645| [8739] Microsoft Windows Essentials up to 2012 Windows Writer Eingabe information disclosure
3646| [8725] Microsoft Lync 2010/2013 Use-After-Free memory corruption
3647| [8722] Microsoft Windows 8/Server 2012/RT HTTP.sys denial of service
3648| [8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
3649| [8203] Microsoft Windows up to 2012 AD LDAP Query denial of service
3650| [8200] Microsoft SharePoint Server 2013 ACL information disclosure
3651| [7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser File information disclosure
3652| [7969] Microsoft OneNote 2010 SP1 ONE File information disclosure
3653| [7968] Microsoft SharePoint Server 2010 SP1 Input Validator Eingabe Crash denial of service
3654| [7967] Microsoft SharePoint Server 2010 SP1 User Account Eingabe Crash information disclosure
3655| [7966] Microsoft SharePoint Server 2010 SP1 Eingabe Crash cross site scripting
3656| [7965] Microsoft SharePoint Server 2010 SP1 User Account Callback URL privilege escalation
3657| [7964] Microsoft Visio 2010 Tree Object Type File memory corruption
3658| [7343] Microsoft Lync 2012 HTTP Format String
3659| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
3660| [7230] Microsoft Excel 2010 SP1 on 32-bit XLS File Formatting Information Crash denial of service
3661| [6831] Microsoft Office Picture Manager 2010 File memory corruption
3662| [62720] EMC NetWorker Module for Microsoft Applications up to 2.2.0 memory corruption
3663| [6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
3664| [62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
3665| [5946] Microsoft Visio/Visio Viewer up to 2010 SP1 File memory corruption
3666| [5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
3667| [5641] Microsoft SharePoint 2010 cross site scripting
3668| [60943] Microsoft Dynamics AX 2012 Enterprise Portal cross site scripting
3669| [12311] Microsoft Lync 2010 Search race condition
3670| [60570] Microsoft Forefront Unified Access Gateway 2010 information disclosure
3671| [60569] Microsoft Forefront Unified Access Gateway 2010 spoofing
3672| [60208] Microsoft Visio Viewer 2010 memory corruption
3673| [60207] Microsoft Visio Viewer 2010 memory corruption
3674| [60206] Microsoft Visio Viewer 2010 memory corruption
3675| [4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
3676| [4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
3677| [4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
3678| [59008] Microsoft Forefront Unified Access Gateway 2010 Crash denial of service
3679| [58995] Microsoft Forefront Unified Access Gateway 2010 memory corruption
3680| [58994] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
3681| [58993] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
3682| [4424] Microsoft Host Integration Server up to 2010 denial of service
3683| [4420] Microsoft Forefront Unified Access Gateway 2010 memory corruption
3684| [58487] Microsoft SharePoint Foundation 2010 cross site scripting
3685| [58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
3686| [58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
3687| [4414] Microsoft SharePoint 2010 cross site scripting
3688| [4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS Designfehler
3689| [91971] Microsoft Skype 2.2.x/5.2.x/5.3.x denial of service
3690| [57693] Microsoft Forefront Threat Management Gateway 2010 NSPLookupServiceNext memory corruption
3691| [4332] Microsoft PowerPoint 2010/2007 memory corruption
3692| [56028] Microsoft Data Access Components 2.8 memory corruption
3693| [55777] Microsoft Windows Movie Maker 2.6 memory corruption
3694| [55424] Microsoft Forefront Unified Access Gateway 2010 Signurl.asp cross site scripting
3695| [55415] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
3696| [55414] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
3697| [55413] Microsoft Forefront Unified Access Gateway 2010 spoofing
3698| [54341] Microsoft Windows Movie Maker 2.1 memory corruption
3699| [54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
3700| [4009] Microsoft NET Framework 2.x/3.x denial of service
3701| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
3702| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
3703| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
3704| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
3705| [2927] Microsoft Data Access Components 2.x ADODB.Connection ActiveX Control memory corruption
3706| [32692] Microsoft XML Core Services up to 2.6 memory corruption
3707| [32691] Microsoft XML Core Services up to 2.6 memory corruption
3708| [29608] Microsoft Data Access Components 2.7 memory corruption
3709|
3710| MITRE CVE - https://cve.mitre.org:
3711| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
3712| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
3713| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
3714| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
3715| [CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
3716| [CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
3717| [CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
3718| [CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
3719| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
3720| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
3721| [CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
3722| [CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
3723| [CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
3724| [CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
3725| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
3726| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
3727| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
3728| [CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
3729| [CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
3730| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
3731| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
3732| [CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
3733| [CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
3734| [CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
3735| [CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
3736| [CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
3737| [CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
3738| [CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
3739| [CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
3740| [CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
3741| [CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
3742| [CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
3743| [CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
3744| [CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
3745| [CVE-2013-1301] Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
3746| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
3747| [CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
3748| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
3749| [CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
3750| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
3751| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
3752| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
3753| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
3754| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
3755| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
3756| [CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
3757| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
3758| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
3759| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
3760| [CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3761| [CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3762| [CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3763| [CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3764| [CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3765| [CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3766| [CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3767| [CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3768| [CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3769| [CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3770| [CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3771| [CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3772| [CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3773| [CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3774| [CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3775| [CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3776| [CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3777| [CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3778| [CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3779| [CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3780| [CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3781| [CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3782| [CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3783| [CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3784| [CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3785| [CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3786| [CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3787| [CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3788| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3789| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
3790| [CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
3791| [CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
3792| [CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
3793| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
3794| [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
3795| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
3796| [CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
3797| [CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
3798| [CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
3799| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
3800| [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
3801| [CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
3802| [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
3803| [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
3804| [CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
3805| [CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
3806| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
3807| [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
3808| [CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
3809| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
3810| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
3811| [CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
3812| [CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
3813| [CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
3814| [CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1
3815| [CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
3816| [CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
3817| [CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
3818| [CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
3819| [CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
3820| [CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
3821| [CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
3822| [CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
3823| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
3824| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
3825| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
3826| [CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
3827| [CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
3828| [CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
3829| [CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
3830| [CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
3831| [CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
3832| [CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
3833| [CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
3834| [CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
3835| [CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
3836| [CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
3837| [CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
3838| [CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
3839| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
3840| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
3841| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
3842| [CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
3843| [CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
3844| [CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
3845| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
3846| [CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
3847| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
3848| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
3849| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
3850| [CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
3851| [CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
| [CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
| [CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
| [CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
| [CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
| [CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
| [CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
| [CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
| [CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
| [CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
| [CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
| [CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
| [CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
| [CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
| [CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
| [CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
| [CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
| [CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
| [CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
| [CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
| [CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
| [CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
| [CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
| [CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
| [CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
| [CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
| [CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
| [CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
| [CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
| [CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
| [CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
| [CVE-2011-3413] Microsoft PowerPoint 2007 SP2
| [CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
| [CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
| [CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
| [CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
| [CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
| [CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
| [CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
| [CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
| [CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
| [CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
| [CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
| [CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
| [CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
| [CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
| [CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
| [CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
| [CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
| [CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
| [CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
| [CVE-2011-1990] Microsoft Excel 2007 SP2
| [CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
| [CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
| [CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
| [CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
| [CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
| [CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
| [CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
| [CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
| [CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
| [CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
| [CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
| [CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
| [CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
| [CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
| [CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
| [CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
| [CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
| [CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
| [CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
| [CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
3953| [CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
3954| [CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
3955| [CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
3956| [CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
3957| [CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
3958| [CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
3959| [CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
3960| [CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
3961| [CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
3962| [CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
3963| [CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
3964| [CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
3965| [CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
3966| [CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
3967| [CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
3968| [CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
3969| [CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
3970| [CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
3971| [CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
3972| [CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
3973| [CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
3974| [CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
3975| [CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
3976| [CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
3977| [CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
3978| [CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
3979| [CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
3980| [CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
3981| [CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
3982| [CVE-2011-1275] Microsoft Excel 2002 SP3
3983| [CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
3984| [CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
3985| [CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
3986| [CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
3987| [CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
3988| [CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
3989| [CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
3990| [CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
3991| [CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
3992| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
3993| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
3994| [CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
3995| [CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
3996| [CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
3997| [CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3998| [CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
3999| [CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4000| [CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4001| [CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4002| [CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4003| [CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4004| [CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4005| [CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4006| [CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4007| [CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4008| [CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4009| [CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4010| [CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4011| [CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4012| [CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4013| [CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4014| [CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4015| [CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
4016| [CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
4017| [CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
4018| [CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
4019| [CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
4020| [CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4021| [CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4022| [CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4023| [CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4024| [CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
| [CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
| [CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
| [CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
| [CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
| [CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
| [CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
| [CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
| [CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
| [CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
| [CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
| [CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, doubly-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
| [CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
| [CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
| [CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
| [CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
| [CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
| [CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
| [CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
| [CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
| [CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
| [CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
| [CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
| [CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
| [CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
| [CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
| [CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
| [CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
| [CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
| [CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
| [CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
| [CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
| [CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
| [CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
| [CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
| [CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
| [CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
| [CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
| [CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
| [CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
| [CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
| [CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
| [CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
| [CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
| [CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
| [CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
| [CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
| [CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
| [CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
| [CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
| [CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
| [CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
| [CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
| [CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
| [CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
| [CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
| [CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
| [CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
| [CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
| [CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
| [CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
| [CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
| [CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
| [CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
| [CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
| [CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
| [CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
| [CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
| [CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
| [CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
| [CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
| [CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
| [CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
| [CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
| [CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
| [CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
| [CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
| [CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
| [CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
| [CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
| [CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
| [CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
4124| [CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
4125| [CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
4126| [CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
| [CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
| [CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
| [CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
| [CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
| [CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
| [CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
| [CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
| [CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
| [CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
| [CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
| [CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
| [CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
| [CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
| [CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
| [CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
| [CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
| [CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
| [CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
| [CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
| [CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
| [CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
| [CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
| [CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
| [CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
| [CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
| [CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
| [CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
| [CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
| [CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
| [CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
| [CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
| [CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
| [CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
| [CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
| [CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
| [CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
| [CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
| [CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
| [CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
| [CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
| [CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
| [CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
| [CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
| [CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
| [CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
| [CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
| [CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
| [CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
| [CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
| [CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
| [CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
| [CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
| [CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
| [CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
| [CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
| [CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
| [CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
| [CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
| [CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
| [CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
| [CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
| [CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
| [CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
| [CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
| [CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
| [CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
| [CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
| [CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
| [CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
| [CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
| [CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
| [CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
| [CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
| [CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
| [CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
| [CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
| [CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
| [CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
| [CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
| [CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
| [CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
| [CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
| [CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
4224| [CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
4225| [CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
4226| [CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
4227| [CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
4228| [CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
4229| [CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
4230| [CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
4231| [CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
4232| [CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
4233| [CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
4234| [CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
4235| [CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
4236| [CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
4237| [CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
4238| [CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
4239| [CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
4240| [CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
4241| [CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
4242| [CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
4243| [CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
4244| [CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
4245| [CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
4246| [CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
4247| [CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
4248| [CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
4249| [CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
4250| [CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
4251| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
4252| [CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
4253| [CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
4254| [CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
4255| [CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
4256| [CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
4257| [CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
4258| [CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
4259| [CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
4260| [CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
4261| [CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
4262| [CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
4263| [CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
4264| [CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
4265| [CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
4266| [CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
4267| [CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
4268| [CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
4269| [CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
4270| [CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
4271| [CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
4272| [CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
4273| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
4274| [CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
4275| [CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
4276| [CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
4277| [CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
4278| [CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
4279| [CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
4280| [CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
4281| [CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
4282| [CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
4283| [CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
4284| [CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
4285| [CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
4286| [CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
4287| [CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
4288| [CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
4289| [CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
4290| [CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
4291| [CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
4292| [CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
4293| [CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
4294| [CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
4295| [CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
4296| [CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
4297| [CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
4298| [CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
4299| [CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
4300| [CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
4301| [CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
4302| [CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
4303| [CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
4304| [CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
| [CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
| [CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
| [CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
| [CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
| [CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
| [CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
| [CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
| [CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
| [CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
| [CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
| [CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
| [CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
| [CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
| [CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
| [CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
| [CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
| [CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
| [CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3
| [CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
| [CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
| [CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
| [CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
| [CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
| [CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1
| [CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
| [CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
| [CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
| [CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
| [CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
| [CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
| [CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
| [CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
| [CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
| [CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
| [CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
| [CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
| [CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
| [CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
| [CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
| [CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
| [CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
| [CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
| [CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
| [CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
| [CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
| [CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
| [CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
| [CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
| [CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2
| [CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
| [CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
| [CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
| [CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
| [CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
| [CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
| [CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
| [CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
| [CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
| [CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
| [CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
| [CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
| [CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1
| [CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
| [CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
| [CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2
| [CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
| [CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
| [CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
| [CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
| [CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
| [CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
| [CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
| [CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
| [CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
| [CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
| [CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
| [CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
| [CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
| [CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
| [CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
| [CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
| [CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
4400| [CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
4401| [CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
4402| [CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
4403| [CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
4404| [CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
4405| [CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
4406| [CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
4407| [CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
4408| [CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
4409| [CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
4410| [CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
4411| [CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
4412| [CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
4413| [CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
4414| [CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an interget that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
4415| [CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
4416| [CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
4417| [CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
4418| [CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
4419| [CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
4420| [CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
4421| [CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
4422| [CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
4423| [CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
4424| [CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
4425| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
4426| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
4427| [CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
4428| [CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
4429| [CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
4430| [CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
4431| [CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
4432| [CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
4433| [CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
4434| [CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
4435| [CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
4436| [CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
4437| [CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
4438| [CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
4439| [CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
4440| [CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
4441| [CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
4442| [CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
4443| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
4444| [CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
4445| [CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
4446| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
4447| [CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
4448| [CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
4449| [CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
4450| [CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
4451| [CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
4452| [CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
4453| [CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
4454| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
4455| [CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
4456| [CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
4457| [CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3
4458| [CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
4459| [CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
4460| [CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
4461| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
4462| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
4463| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
4464| [CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
4465| [CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
4466| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
4467| [CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
4468| [CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
4469| [CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
4470| [CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
4471| [CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
4472| [CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
4473| [CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
4474| [CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
4475| [CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
4476| [CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
4477| [CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."
4478| [CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
4479| [CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
4480| [CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
| [CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
| [CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
| [CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
| [CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
| [CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
| [CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
| [CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
| [CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
| [CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
| [CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
| [CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
| [CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
| [CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
| [CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
| [CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
| [CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
| [CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
| [CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
| [CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
| [CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
| [CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
| [CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
| [CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
| [CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
| [CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
| [CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
| [CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
| [CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
| [CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
| [CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
| [CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
| [CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
| [CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
| [CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
| [CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
| [CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
| [CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
| [CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
| [CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
| [CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
| [CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
| [CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
| [CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
| [CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
| [CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
| [CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
| [CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
| [CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
| [CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
| [CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
| [CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
| [CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
| [CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
| [CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
| [CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
| [CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
| [CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
| [CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
| [CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
| [CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
| [CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
| [CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
| [CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
| [CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
| [CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
| [CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
| [CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
| [CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
| [CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
| [CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
| [CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
| [CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
| [CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
| [CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
| [CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
| [CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
| [CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
| [CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
| [CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
| [CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
| [CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
| [CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
| [CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
| [CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
| [CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
| [CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
| [CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
| [CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
| [CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
4587| [CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
4588| [CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
4589| [CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
4590| [CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
4591| [CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
4592| [CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
4593| [CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
4594| [CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
4595| [CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
4596| [CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
4597| [CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
4598| [CVE-2007-2966] Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
4599| [CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
4600| [CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
4601| [CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
4602| [CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
4603| [CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
4604| [CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
4605| [CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
4606| [CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
4607| [CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
4608| [CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
4609| [CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
4610| [CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
4611| [CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
4612| [CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
4613| [CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
4614| [CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
4615| [CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
4616| [CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
4617| [CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
4618| [CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
4619| [CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
4620| [CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
4621| [CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
4622| [CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
4623| [CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
4624| [CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
4625| [CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
4626| [CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
4627| [CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
4628| [CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
4629| [CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
4630| [CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
4631| [CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
4632| [CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
4633| [CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
4634| [CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
4635| [CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
4636| [CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
4637| [CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
4638| [CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
4639| [CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
4640| [CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
4641| [CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
4642| [CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
4643| [CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
4644| [CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
4645| [CVE-2007-0913] Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
4646| [CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
4647| [CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
4648| [CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
4649| [CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
4650| [CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
4651| [CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
4652| [CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
4653| [CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
4654| [CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
4655| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
4656| [CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
4657| [CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
4658| [CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
4659| [CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
4660| [CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
4661| [CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
4662| [CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
4663| [CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
4664| [CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
4665| [CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
4666| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
4667| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
4668| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
4669| [CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
4670| [CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
4671| [CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
4672| [CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
4673| [CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
4674| [CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
4675| [CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
4676| [CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
4677| [CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
4678| [CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
4679| [CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
4680| [CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
4681| [CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
4682| [CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
4683| [CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
4684| [CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
4685| [CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
4686| [CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
4687| [CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
4688| [CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
4689| [CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
4690| [CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
4691| [CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
4692| [CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
4693| [CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
4694| [CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
4695| [CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
4696| [CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
4697| [CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
4698| [CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
4699| [CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
4700| [CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
4701| [CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
4702| [CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
4703| [CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
4704| [CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
4705| [CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
4706| [CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
4707| [CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
4708| [CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
4709| [CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
4710| [CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
4711| [CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
4712| [CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
4713| [CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
4714| [CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
4715| [CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
4716| [CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
4717| [CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
4718| [CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
4719| [CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
4720| [CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
4721| [CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
4722| [CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
4723| [CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
4724| [CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
4725| [CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
4726| [CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
4727| [CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
4728| [CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
4729| [CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
4730| [CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
4731| [CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
4732| [CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
4733| [CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
4734| [CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
4735| [CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
4736| [CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
4737| [CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
4738| [CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
4739| [CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
4740| [CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
4741| [CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
4742| [CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
4743| [CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
4744| [CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
4745| [CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
4746| [CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
4747| [CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
4748| [CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
4749| [CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
4750| [CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
4751| [CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
4752| [CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
4753| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
4754| [CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
4755| [CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
4756| [CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
4757| [CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
4758| [CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
4759| [CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
4760| [CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
4761| [CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
4762| [CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
4763| [CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
4764| [CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
4765| [CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
4766| [CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
4767| [CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
4768| [CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
4769| [CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
4770| [CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
4771| [CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
4772| [CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
| [CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
| [CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
| [CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
| [CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
| [CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
| [CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
| [CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
| [CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
| [CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
| [CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
| [CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
| [CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
| [CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
| [CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
| [CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
| [CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
| [CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
| [CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
| [CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
| [CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
| [CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
| [CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
| [CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
| [CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
| [CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
| [CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
| [CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
| [CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
| [CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
| [CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
| [CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
| [CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
| [CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
| [CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
| [CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
| [CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
| [CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
| [CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
| [CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
| [CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
| [CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
| [CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
| [CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
| [CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
| [CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
| [CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
| [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
| [CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
| [CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
| [CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
| [CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
| [CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
| [CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
| [CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
| [CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
| [CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
| [CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
| [CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
| [CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
| [CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
| [CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
| [CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
| [CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
| [CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
| [CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
| [CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
| [CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
| [CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
| [CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
| [CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
| [CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
| [CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
| [CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
| [CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
| [CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
| [CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
| [CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
| [CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
| [CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
| [CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
| [CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
| [CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
| [CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
| [CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
| [CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
| [CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
| [CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
| [CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
| [CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
| [CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
| [CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
| [CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
| [CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
| [CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
| [CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
| [CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
| [CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
| [CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
| [CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
| [CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
| [CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
| [CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
| [CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
| [CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
| [CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
| [CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
| [CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
| [CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
| [CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
| [CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
| [CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
| [CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
4891| [CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
4892| [CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
4893| [CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
4894| [CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
4895| [CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
4896| [CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
4897| [CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
4898| [CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
4899| [CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
4900| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
4901| [CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
4902| [CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
4903| [CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
4904| [CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
4905| [CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
4906| [CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
4907| [CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
4908| [CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
4909| [CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
4910| [CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
4911| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
4912| [CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
4913| [CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
4914| [CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
4915| [CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
4916| [CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
4917| [CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
4918| [CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
4919| [CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.
4920| [CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
4921| [CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
4922| [CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
4923| [CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
4924| [CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
4925| [CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
4926| [CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
4927| [CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
4928| [CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
4929| [CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
4930| [CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
4931| [CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
4932| [CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
4933| [CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
4934| [CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
4935| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
4936| [CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
4937| [CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
4938| [CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
4939| [CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
4940| [CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
4941| [CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
4942| [CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
4943| [CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
4944| [CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
4945| [CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
4946| [CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
4947| [CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
4948| [CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
4949| [CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
4950| [CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
4951| [CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
4952| [CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
4953| [CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
4954| [CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
4955| [CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
4956| [CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
4957| [CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
4958| [CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
4959| [CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
4960| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
4961| [CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
4962| [CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
4963| [CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.
4964| [CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
4965| [CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
4966| [CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
4967| [CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
4968| [CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
4969| [CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
4970| [CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
4971| [CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
4972| [CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
4973| [CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
4974| [CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
4975| [CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
4976| [CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
4977| [CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
4978| [CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
4979| [CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
4980| [CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
4981| [CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
4982| [CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
4983| [CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
4984| [CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
4985| [CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
4986| [CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
4987| [CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
4988| [CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
4989| [CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
4990| [CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
4991| [CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
4992| [CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
4993| [CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
4994| [CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
4995| [CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
4996| [CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
4997| [CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
4998| [CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
4999| [CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
5000| [CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
5001| [CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
5002| [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
5003| [CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
5004| [CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
5005| [CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
5006| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
5007| [CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
5008| [CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
5009| [CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
5010| [CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
5011| [CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
5012| [CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain.
5013| [CVE-2001-1533] ** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
5014| [CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
5015| [CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
5016| [CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
5017| [CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
5018| [CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
5019| [CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
5020| [CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
5021| [CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
5022| [CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
5023| [CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
5024| [CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
5025| [CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
5026| [CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
5027| [CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
5028| [CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
5029| [CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
5030| [CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
5031| [CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
5032| [CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
5033| [CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
5034| [CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
5035| [CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
5036| [CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
5037| [CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
5038| [CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
5039| [CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
5040| [CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
5041| [CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
5042| [CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
5043| [CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
5044| [CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
5045| [CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
5046| [CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
5047| [CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
5048| [CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
5049| [CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
5050| [CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
5051| [CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
5052| [CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
5053| [CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
5054| [CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
5055| [CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
5056| [CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
5057| [CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
5058| [CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
5059| [CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
5060| [CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
5061| [CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
5062| [CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
5063| [CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
5064| [CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
5065| [CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
5066| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
5067| [CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
5068| [CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
5069| [CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
5070| [CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
5071| [CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
5072| [CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
5073| [CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
5074| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
5075| [CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
5076| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
5077| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
5078| [CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
5079| [CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
5080| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
5081| [CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
5082| [CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
5083| [CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
5084| [CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
5085| [CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
5086| [CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
5087| [CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
5088| [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
5089| [CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
5090| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
5091| [CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
5092| [CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
5093| [CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
5094| [CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
5095| [CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
5096| [CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
5097| [CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
5098| [CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
5099| [CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
5100| [CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
5101| [CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
5102| [CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
5103| [CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
5104| [CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
5105| [CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
5106| [CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
5107| [CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
5108| [CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
5109| [CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
5110| [CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
5111| [CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
5112| [CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
5113| [CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
5114| [CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
5115| [CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
5116| [CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
5117| [CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
5118| [CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
5119| [CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
5120| [CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
5121| [CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
5122| [CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
5123| [CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
5124| [CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
5125| [CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
5126| [CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
5127| [CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
5128| [CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
5129| [CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
5130| [CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
5131| [CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
5132| [CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
5133| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
5134| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
5135| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
5136| [CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
5137| [CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
5138| [CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
5139| [CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
5140| [CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
5141| [CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
5142| [CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
5143| [CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
5144| [CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
5145| [CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
5146| [CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
5147| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
5148| [CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
5149| [CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
5150| [CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
5151| [CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
5152| [CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
5153| [CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
5154| [CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
5155| [CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
5156| [CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
5157| [CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
5158| [CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
5159| [CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
5160| [CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
5161| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
5162| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
5163| [CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
5164| [CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
5165| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
5166| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
5167| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
5168| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
5169| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
5170| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
5171| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
5172| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
5173| [CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
5174| [CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
5175| [CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
5176| [CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
5177| [CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
5178| [CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
5179| [CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
5180| [CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
5181| [CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
5182| [CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
5183| [CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchangem, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
5184| [CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
5185| [CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters.
5186| [CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
5187| [CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
5188| [CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
5189| [CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
5190| [CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
| [CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
| [CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
| [CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
| [CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
| [CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
| [CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
| [CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
| [CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
| [CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
| [CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [83154] Microsoft Windows 2000 Server CVE-2004-0540 Remote Security Vulnerability
| [45297] Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
| [43419] Microsoft Excel 2002 Memory Corruption Vulnerability
| [43189] Microsoft Visual C++ 2008 Redistributable Package DLL Loading Arbitrary Code Execution Vulnerability
| [42742] Microsoft PowerPoint 2007 Multiple DLL Loading Arbitrary Code Execution Vulnerability
| [42695] Microsoft Groove 2007 'mso.dll' DLL Loading Arbitrary Code Execution Vulnerability
| [42681] Microsoft Visio 2003 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
| [41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
| [39776] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
| [37196] RETIRED: Microsoft December 2009 Advance Notification Multiple Vulnerabilities
| [36940] RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
| [36633] RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
| [36239] RETIRED: Microsoft September 2009 Advance Notification Multiple Vulnerabilities
| [35974] RETIRED: Microsoft August 2009 Advance Notification Multiple Vulnerabilities
| [35617] RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
| [35213] RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
| [34867] RETIRED: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
| [34532] Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
| [34469] Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
| [34450] RETIRED: Microsoft April 2009 Advance Notification Multiple Vulnerabilities
| [34005] RETIRED: Microsoft March 2009 Advance Notification Multiple Vulnerabilities
| [33639] RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
| [33170] RETIRED: Microsoft January 2009 Advance Notification Multiple Vulnerabilities
| [32632] RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
| [32153] Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
| [31667] Retired: Microsoft October 2008 Advance Notification Multiple Vulnerabilities
| [31129] RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
| [31014] RETIRED: Microsoft September 2008 Advance Notification Multiple Vulnerabilities
| [30593] RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
| [30075] RETIRED: Microsoft July 2008 Advance Notification Multiple Vulnerabilities
| [29576] RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
| [29108] RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
| [28598] RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
| [28124] Retired: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
| [27674] RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
| [27119] RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
| [26739] RETIRED: Microsoft December 2007 Advance Notification Multiple Vulnerabilities
| [26414] Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
| [26380] Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
| [25991] RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
| [25922] RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
| [25573] RETIRED: Microsoft September 2007 Advance Notification Multiple Vulnerabilities
| [25247] Retired: Microsoft August 2007 Advance Notification Multiple Vulnerabilities
| [24771] Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
| [24366] RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
| [24118] Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
| [23800] RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
| [23380] Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
| [23335] RETIRED: Microsoft April 2007 Advance Notification Multiple Vulnerabilities
| [22716] Microsoft Office 2003 Denial of Service Vulnerability
| [22567] Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
| [22328] RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
| [22225] Microsoft Word 2000 Malformed Function Code Execution Vulnerability
| [21611] Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
| [21495] Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
| [20843] Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
| [19636] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
| [19388] Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
| [17134] Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
| [16634] Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
| [14772] Microsoft Exchange Server 2003 Exchange Information Store Denial Of Service Vulnerability
| [14093] Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
| [13564] Microsoft SQL Server 2000 Multiple Vulnerabilities
| [13008] Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability
| [12972] Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed
| [12913] Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
| [12824] Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
| [12641] Microsoft Windows 2000 Group Policy Bypass Vulnerability
| [12141] Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
| [11820] Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
| [11446] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
| [11387] Microsoft Windows 2003 Services Default SACL Access Right Weakness
| [10901] Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability
| [10693] Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
| [10484] Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability
| [10480] Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability
| [10440] Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness
| [10369] Microsoft Outlook 2003 Media File Script Execution Vulnerability
| [10307] Microsoft Outlook 2003 Predictable File Location Weakness
| [10114] Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
| [9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
| [9408] Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
| [9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
| [8833] Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
| [8522] Multiple Microsoft Windows 2003 Stack Protection Implementation Weaknesses
| [8397] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
| [8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
| [8098] Microsoft Windows 2000 Terminal Services Named Pipe System Account Access Vulnerability
| [8093] Microsoft Windows 2000 Active Directory Forest Origin Validation Vulnerability
| [8090] Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability
| [8089] Microsoft Windows 2000 Unspecified Cryptnet.DLL Memory Leakage Vulnerability
| [8086] Microsoft Windows 2000 Port Name Buffers Potential Buffer Overflow Vulnerability
| [8085] Microsoft Windows 2000 ModifyDN Request Denial of Service Vulnerability
| [8083] Microsoft Windows 2000 Domain Controller Spoofing Vulnerability
| [8081] Microsoft Windows 2000 USBH_IoctlGetNodeConnectionDriverKeyName Information Disclosure Vulnerability
| [8063] Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
| [8045] Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
| [7930] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
| [7788] Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability
| [7469] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
| [7360] Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
| [7102] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
| [6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
| [6766] Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
| [6667] Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability
| [6319] Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability
| [6030] Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
| [5972] Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
| [5922] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
| [5480] Microsoft Windows 2000 Network Connection Manager Privilege Elevation Vulnerability
| [5422] Microsoft Content Management Server 2001 SQL Injection Vulnerability
| [5421] Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
| [5420] Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
| [5415] Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
| [5413] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
| [5412] Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
| [5312] Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
| [5311] Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
| [5310] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
| [5309] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
| [5307] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
| [5253] Microsoft Windows 2000 Narrator Password Disclosure Vulnerability
| [5205] Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
| [5111] Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability
| [5014] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
| [4881] Microsoft Exchange 2000 Malformed Mail Attribute DoS Vulnerability
| [4853] Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability
| [4852] Microsoft Windows 2000 Remote Access Service Buffer Overflow Vulnerability
| [4847] Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
| [4797] Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
| [4683] Microsoft Windows 2000 / NT Path Precedence Vulnerability
| [4532] Microsoft Windows 2000 Lanman Denial of Service Vulnerability
| [4438] Microsoft Windows 2000 Group Policy Evasion Vulnerability
| [4426] Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability
| [4287] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
| [4256] Microsoft Windows 2000 Password Policy Bypass Vulnerability
| [4157] Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability
| [4095] Microsoft Windows 2000 Server Terminal Services Failure To Lock Terminal Vulnerability
| [3652] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
| [3481] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
| [3479] Microsoft Windows 2000 NTFS With Macintosh Client Directory Permission Vulnerability
| [3445] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
| [3339] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
| [3305] Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability
| [3291] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
| [3215] Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability
| [3185] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
| [3184] Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability
| [3146] Microsoft Windows 2000 System File Replacement Vulnerability
| [3115] Microsoft Windows NT and 2000 Command Prompt Reboot Vulnerability
| [3063] Microsoft Windows 2000 Unauthorized Password Change Vulnerability
| [3033] Microsoft Windows 2000 Task Manager Process Termination Vulnerability
| [2988] Microsoft Windows 2000 SMTP Improper Authentication Vulnerability
| [2929] Microsoft Windows 2000 LDAP SSL Password Modification Vulnerability
| [2849] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
| [2846] Microsoft Windows 2000 Telnet System Call DoS Vulnerability
| [2844] Microsoft Windows 2000 Telnet Service DoS Vulnerability
| [2843] Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability
| [2838] Microsoft Windows 2000 Telnet Username DoS Vulnerability
| [2460] Microsoft Windows 2000 Event Viewer Buffer Overflow Vulnerability
| [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
| [2394] Microsoft Windows 2000 Domain Controller DoS Vulnerability
| [2341] Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
| [2326] Microsoft Windows 2000 RDP DoS Vulnerability
| [2133] Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability
| [2066] Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability
| [2018] Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
| [2007] Microsoft Windows 2000 DNS Memory Leak Vulnerability
| [1973] Microsoft Windows 2000 Domain Account Lockout Bypass Vulnerability
| [1958] Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
| [1933] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
| [1899] Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability
| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
| [1758] Microsoft Windows 2000 Unattended Install OEMPreinstall Vulnerability
| [1753] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
| [1748] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
| [1745] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
| [1729] Microsoft Windows 2000 Simplified Chinese IME Vulnerability
| [1695] Microsoft Proxy 2.0 FTP Permissions Bypass Vulnerability
| [1692] Microsoft Proxy 2.0 Internal Network Access Vulnerability
| [1683] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
| [1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
| [1651] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
| [1632] Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
| [1620] Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability
| [1613] Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
| [1566] Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability
| [1561] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow Vulnerability
| [1535] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
| [1507] Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability
| [1451] Microsoft Excel 97 / 2000 Register.ID Vulnerability
| [1435] Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability
| [1415] Microsoft Windows 2000 Remote CPU-overload Vulnerability
| [1414] Microsoft Windows 2000 Telnet Server DoS Vulnerability
| [1399] Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
| [1398] Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
| [1350] Microsoft Windows 2000 Windows Station Access Vulnerability
| [1304] Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
| [1301] Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
| [1295] Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
| [1198] Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability
| [1197] Microsoft Office 2000 UA Control Vulnerability
| [990] Microsoft Windows 2000 Install Unprotected ADMIN$ Share Vulnerability
| [945] Microsoft SMS 2.0 Default Permissions Vulnerability
| [539] Microsoft Windows 2000 EFS Vulnerability
| [180] Microsoft Windows April Fools 2001 Vulnerability
| [71487] Microsoft December 2014 Advance Notification Multiple Vulnerabilities
| [70966] RETIRED: Microsoft November 2014 Advance Notification Multiple Vulnerabilities
| [70367] RETIRED: Microsoft October 2014 Advance Notification Multiple Vulnerabilities
| [69636] RETIRED: Microsoft September 2014 Advance Notification Multiple Vulnerabilities
| [69108] Microsoft August 2014 Advance Notification Multiple Vulnerabilities
| [68367] Microsoft July 2014 Advance Notification Multiple Vulnerabilities
| [67905] Microsoft June 2014 Advance Notification Multiple Vulnerabilities
| [67298] Microsoft May 2014 Advance Notification Multiple Vulnerabilities
| [66639] RETIRED: Microsoft April 2014 Advance Notification Multiple Vulnerabilities
| [66016] Microsoft March 2014 Notification Multiple Vulnerabilities
| [65426] Microsoft February 2014 Notification Multiple Vulnerabilities
| [64757] RETIRED: Microsoft January 2014 Advance Notification Multiple Vulnerabilities
| [64083] RETIRED: Microsoft December 2013 Advance Notification Multiple Vulnerabilities
| [63604] RETIRED: Microsoft November 2013 Advance Notification Multiple Vulnerabilities
| [62797] RETIRED: Microsoft October 2013 Advance Notification Multiple Vulnerabilities
| [62228] RETIRED: Microsoft September 2013 Advance Notification Multiple Vulnerabilities
| [62181] Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability
| [61686] Microsoft August 2013 Advance Notification Multiple Vulnerabilities
| [60960] RETIRED: Microsoft July 2013 Advance Notification Multiple Vulnerabilities
| [60394] Microsoft June 2013 Advance Notification Multiple Vulnerabilities
| [59785] RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities
| [58881] RETIRED: Microsoft April 2013 Advance Notification Multiple Vulnerabilities
| [58380] RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities
| [57846] RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities
| [57137] RETIRED: Microsoft January 2013 Advance Notification Multiple Vulnerabilities
| [56838] RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities
| [56450] RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
| [56304] Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
| [55794] RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities
| [55472] RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities
| [54944] RETIRED: Microsoft August 2012 Advance Notification Multiple Vulnerabilities
| [54318] RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities
| [53862] RETIRED: Microsoft June 2012 Advance Notification Multiple Vulnerabilities
| [53372] RETIRED: Microsoft May 2012 Advance Notification Multiple Vulnerabilities
| [52910] RETIRED: Microsoft April 2012 Advance Notification Multiple Vulnerabilities
| [52366] RETIRED: Microsoft March 2012 Advance Notification Multiple Vulnerabilities
| [51944] RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities
| [51289] RETIRED: Microsoft January 2012 Advance Notification Multiple Vulnerabilities
| [50980] RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities
| [50513] RETIRED: Microsoft November 2011 Advance Notification Multiple Vulnerabilities
| [49994] RETIRED: Microsoft October 2011 Advance Notification Multiple Vulnerabilities
| [49515] RETIRED: Microsoft September 2011 Advance Notification Multiple Vulnerabilities
| [49017] RETIRED: Microsoft August 2011 Advance Notification Multiple Vulnerabilities
| [48616] RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities
| [48235] Microsoft Lync Server 2010 'ReachJoin.aspx' Remote Command Injection Vulnerability
| [48193] RETIRED: Microsoft June 2011 Advance Notification Multiple Vulnerabilities
| [47725] RETIRED: Microsoft May 2011 Advance Notification Multiple Vulnerabilities
| [47255] RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities
| [46675] RETIRED: Microsoft March 2011 Advance Notification Multiple Vulnerabilities
| [46132] RETIRED: Microsoft February 2011 Advance Notification Multiple Vulnerabilities
| [45696] RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities
| [45307] RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities
| [44649] RETIRED: Microsoft November 2010 Advance Notification Multiple Vulnerabilities
| [43831] RETIRED: Microsoft October 2010 Advance Notification Multiple Vulnerabilities
| [43115] RETIRED: Microsoft September 2010 Advance Notification Multiple Vulnerabilities
| [42234] RETIRED: Microsoft August 2010 Advance Notification Multiple Vulnerabilities
| [41474] RETIRED: Microsoft July 2010 Advance Notification Multiple Vulnerabilities
| [40548] RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities
| [39961] RETIRED: Microsoft May 2010 Advance Notification Multiple Vulnerabilities
| [39313] RETIRED: Microsoft April 2010 Advance Notification Multiple Vulnerabilities
| [38540] RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
| [38096] RETIRED: Microsoft February 2010 Advance Notification Multiple Vulnerabilities
| [37887] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
| [37664] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
| [32642] Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
| [82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
| [82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
| [81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
| [81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
| [81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
| [77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
| [75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
| [75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
| [75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
| [75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
| [75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
| [71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
| [71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
| [70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
| [70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
| [67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
| [67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
| [66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
| [66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
| [66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
| [66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
| [66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
| [66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
| [66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
| [66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
| [65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
| [65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
| [63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution
| [63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution
| [63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution
| [63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
| [63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
| [62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
| [62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
| [62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
| [53980] Microsoft Windows 2000 License Logging Server buffer overflow
| [53601] Microsoft Office 2008 for Mac user ID 502 security bypass
| [50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
| [50759] Microsoft Windows 2000 Active Directory LDAP code execution
| [48595] Microsoft Word 2007 Email as PDF information disclosure
| [46102] Microsoft Windows 2003 SP2 is not installed on the system
| [46101] Microsoft Windows 2003 SP1 is not installed on the system
| [45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow
| [37200] Microsoft SQL Server 2000 Service Pack 1 update is not installed
| [37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed
| [34634] Microsoft Windows Server 2003 Active Directory information disclosure
| [34599] Microsoft Windows Server 2003 terminal server security bypass
| [34473] Microsoft Office 2000 ActiveX control buffer overflow
| [33713] Microsoft Word 2007 multiple unspecified denial of service
| [33712] Microsoft Word 2007 wwlib.dll buffer overflow
| [32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed
| [31821] Microsoft Windows time zone update for year 2007
| [31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow
| [30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure
| [29546] Microsoft Windows 2000/2003 user logoff initiated
| [29545] Microsoft Windows 2000/2003 system time changed
| [29544] Microsoft Windows 2000/2003 system security access removed
| [29543] Microsoft Windows 2000/2003 security access granted
| [29542] Microsoft Windows 2000/2003 SAM notification package loaded
| [29541] Microsoft Windows 2000/2003 primary security token issued
| [29540] Microsoft Windows 2000/2003 user password reset successful
| [29539] Microsoft Windows 2000/2003 object indirectly accessed
| [29538] Microsoft Windows 2000/2003 object handle duplicated
| [29537] Microsoft Windows 2000/2003 logon with explicit credentials success
| [29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
| [29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
| [29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
| [29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
| [29532] Microsoft Windows 2000/2003 IKE security association established
| [29531] Microsoft Windows 2000/2003 IKE quick mode association ended
| [29530] Microsoft Windows 2000/2003 IKE main mode association ended
| [29529] Microsoft Windows 2000/2003 IKE association negotiation failed
| [29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
| [29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
| [29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
| [29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
| [29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
| [29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
| [29522] Microsoft Windows 2000/2003 administrative group security descriptor set
| [29521] Microsoft Windows 2000/2003 account name changed
| [29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service
| [28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
| [28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
| [26118] Microsoft Office 2003 mailto: information disclosure
| [25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass
| [24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
| [24473] Microsoft Windows 2000 event ID 565 not logged
| [24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
| [24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
| [24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
| [24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
| [24402] Microsoft Windows 2000 Terminal Service client IP not logged
| [24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
| [23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
| [22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed
| [22183] Microsoft Exchange Server 2003 public folder denial of service
| [21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
| [21315] Microsoft Outlook 2002 connector for Domino bypass restrictions
| [19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
| [19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
| [19727] Microsoft Windows 2000 GDI32.DLL denial of service
| [19629] Microsoft Exchange Server 2003 folder denial of service
| [17826] Microsoft Outlook 2003 CID security bypass
| [17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
| [17621] Microsoft Windows 2003 SMTP service code execution
| [17560] Microsoft Windows 2000 and XP GDI library denial of service
| [17521] Microsoft Windows 2000 Service Pack 4 is not installed
| [16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
| [16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
| [16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
| [16907] Microsoft Windows 2003 users with Create global objects privilege
| [16905] Microsoft Windows 2003 users or groups with Create global objects privilege
| [16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
| [16704] Microsoft Windows 2000 Media Player control code execution
| [16582] Microsoft Windows Server 2003 kernel CPU denial of service
| [16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
| [16570] Microsoft Windows 2003 Users with Create global objects privilege
5594| [16564] Microsoft Windows 2003 Groups with Create global objects privilege
5595| [16562] Microsoft Windows 2003 Groups with "
5596| [16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
5597| [16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
5598| [16520] Microsoft Windows 2003 Create global objects privilege
5599| [16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
5600| [16173] Microsoft Outlook 2003 OLE object bypass restricted security zone
5601| [16119] Microsoft Outlook 2000 URL spoofing
5602| [16104] Microsoft Outlook 2003 predictable file location could allow code execution
5603| [16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
5604| [15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
5605| [15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
5606| [15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
5607| [15414] Microsoft Outlook 2002 mailto URL allows execution of code
5608| [15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
5609| [15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
5610| [15038] Microsoft Windows 2000 Server Windows Media Services denial of service
5611| [15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
5612| [14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed
5613| [14167] Microsoft ISA Server 2000 H.323 filter buffer overflow
5614| [13426] Microsoft Windows 2000 and XP RPC race condition
5615| [13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
5616| [13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
5617| [13385] Microsoft Windows Server 2003 "
5618| [13211] Microsoft Windows 2000 and XP URG memory leak
5619| [13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
5620| [13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
5621| [12684] Microsoft Exchange Server OWA Outlook 2003 denial of service
5622| [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
5623| [12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
5624| [12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
5625| [12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
5626| [12489] Microsoft Windows 2000 Server Active Directory buffer overflow
5627| [12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
5628| [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
5629| [12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
5630| [11901] Microsoft BizTalk Server 2002 SQL injection
5631| [11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow
5632| [11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
5633| [11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
5634| [11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
5635| [11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
5636| [11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
5637| [11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
5638| [11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
5639| [11216] Microsoft Windows NT and 2000 command prompt denial of service
5640| [11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
5641| [11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails
5642| [10843] Microsoft Windows 2000 and XP SMB signing group policy modification
5643| [10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
5644| [10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
5645| [10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
5646| [10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
5647| [10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow
5648| [10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service
| [9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
| [9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
| [9779] Microsoft Windows 2000 weak system partition permissions
| [9752] Microsoft Windows 2000 Service Pack 3 is not installed
| [9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
| [9625] Microsoft Windows 2000 Narrator allows login information to be audible
| [9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank "
| [8867] Microsoft Windows 2000 LanMan denial of service
| [8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
| [8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
| [8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
| [8739] Microsoft Windows 2000 DCOM memory leak
| [8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail
| [8402] Microsoft Windows 2000 allows an attacker to bypass password policy
| [8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
| [8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges
| [8254] Microsoft Commerce Server 2000 AuthFilter ISAPI filter buffer overflow
| [8199] Microsoft Windows 2000 Terminal Services unlocked client
| [8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow
| [8092] Microsoft Exchange 2000 System Attendant sets incorrect registry permissions
| [8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden
| [8037] Microsoft Windows 2000 empty TCP packet denial of service
| [8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain
| [7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files
| [7667] Microsoft Windows 2000 IKE UDP packet flood denial of service
| [7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file
| [7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses
| [7533] Microsoft Windows 2000 RunAs service denial of service
| [7532] Microsoft Windows 2000 RunAs service allows local attacker to bypass pipe authentication
| [7531] Microsoft Windows 2000 RunAs service reveals sensitive information
| [7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service
| [7409] Microsoft Windows 2000 and Windows XP GDI denial of service
| [7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service
| [7008] Microsoft Windows 2000 IrDA device denial of service
| [6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service
| [6931] Microsoft Windows 2000 without Service Pack 2
| [6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process
| [6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service
| [6876] Microsoft Windows 2000 could allow an attacker to change network passwords
| [6803] Microsoft Windows 2000 SMTP service allows mail relaying
| [6745] Microsoft Windows 2000 LDAP function could allow domain user password change
| [6669] Microsoft Windows 2000 Telnet system call denial of service
| [6668] Microsoft Windows 2000 Telnet handle leak denial of service
| [6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service
| [6666] Microsoft Windows 2000 Telnet username denial of service
| [6665] Microsoft Windows 2000 Telnet service weak domain authentication
| [6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges
| [6652] Microsoft Exchange 2000 OWA script execution
| [6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges
| [6506] Microsoft Windows 2000 Server Kerberos denial of service
| [6443] Microsoft Windows 2000 catalog file could remove installed hotfixes
| [6160] Microsoft Windows 2000 event viewer buffer overflow
| [6136] Microsoft Windows 2000 domain controller denial of service
| [6035] Microsoft Windows 2000 Server RDP denial of service
| [5973] Microsoft Windows 2000 EFS allows local user to recover sensitive data
| [5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password
| [5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information
| [5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow
| [5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service
| [5585] Microsoft Windows 2000 brute force attack
| [5502] Microsoft Windows 2000 Indexing Services ixsso.query
| [5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow
| [5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow
| [5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition
| [5263] Microsoft Office 2000 executes .dll without users knowledge
| [5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness
| [5222] Microsoft Windows 2000 malformed RPC packet denial of service
| [5203] Microsoft Windows 2000 still image service
| [5171] Microsoft Windows 2000 Local Security Policy corruption
| [5080] Microsoft Office 2000 HTML object tag buffer overflow
| [5033] Microsoft Windows 2000 without Service Pack 1
| [5031] Microsoft Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges
| [5015] Microsoft Windows NT and 2000 executable path
| [4887] Microsoft Windows 2000 Kerberos ticket renewed
| [4886] Microsoft Windows 2000 logon session reconnected
| [4885] Microsoft Windows 2000 logon session disconnected
| [4882] Microsoft Windows 2000 Kerberos pre-authentication failed
| [4873] Microsoft Windows 2000 user account mapped for logon
| [4872] Microsoft Windows 2000 account logon failed
| [4871] Microsoft Windows 2000 account used for logon
| [4855] Microsoft Windows 2000 group type change
| [4842] Microsoft Internet Explorer and Microsoft Powerpoint 2000 ActiveX object execution
| [4841] Microsoft Internet Explorer and Microsoft Access 2000 VBA code execution
| [4823] Microsoft Windows 2000 Telnet server binary stream denial of service
| [4819] Microsoft Windows 2000 default SYSKEY configuration
| [4787] Microsoft Windows 2000 user account locked out
| [4786] Microsoft Windows 2000 computer account created
| [4785] Microsoft Windows 2000 computer account changed
| [4784] Microsoft Windows 2000 computer account deleted
| [4714] Microsoft Windows 2000 "
| [4589] Microsoft Windows 2000 protected store can be compromised by brute force attack
| [4278] Microsoft Windows 2000 unattended install does not secure All Users profile
| [4138] Microsoft Windows 2000 system file integrity feature is disabled
| [4086] Microsoft Windows 2000 may not start Jaz drives correctly
| [4085] Microsoft Windows 2000 non-Gregorial calendar error
| [4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats
| [4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML
| [4082] Microsoft Windows 2000 and Iomega parallel port drives display error
| [4080] Microsoft Windows 2000 AOL image support
| [4079] Microsoft Windows 2000 High Encryption Pack
| [3854] Microsoft Office 2000 security setting
| [1376] Microsoft Proxy 2.0 denial of service
| [86256] Microsoft Windows Knowledge Base Article 2876063 update is not installed
| [86097] Microsoft Windows Knowledge Base Article 2859537 update is not installed
| [86091] Microsoft Windows Knowledge Base Article 2868623 update is not installed
| [86089] Microsoft Windows Knowledge Base Article 2862772 update is not installed
| [86075] Microsoft Windows Knowledge Base Article 2850869 update is not installed
| [86073] Microsoft Windows Knowledge Base Article 2873872 update is not installed
| [86070] Microsoft Windows Knowledge Base Article 2849568 update is not installed
| [85245] Microsoft Windows Knowledge Base Article 2848295 update is not installed
| [85244] Microsoft Windows Knowledge Base Article 2847927 update is not installed
| [85243] Microsoft Windows Knowledge Base Article 2861561 update is not installed
| [85236] Microsoft Windows Knowledge Base Article 2850851 update is not installed
| [85227] Microsoft Windows Knowledge Base Article 2847883 update is not installed
| [85223] Microsoft Windows Knowledge Base Article 2846071 update is not installed
| [85205] Microsoft Windows Knowledge Base Article 2845187 update is not installed
| [84621] Microsoft Windows Knowledge Base Article 2845690 update is not installed
| [84619] Microsoft Windows Knowledge Base Article 2839894 update is not installed
| [84617] Microsoft Windows Knowledge Base Article 2839571 update is not installed
| [84615] Microsoft Windows Knowledge Base Article 2839229 update is not installed
| [84613] Microsoft Windows Knowledge Base Article 2838727 update is not installed
| [84156] Microsoft Windows Knowledge Base Article 2847204 update is not installed
| [83912] Microsoft Windows Knowledge Base Article 2829254 update is not installed
| [83910] Microsoft Windows Knowledge Base Article 2829530 update is not installed
| [83898] Microsoft Windows Knowledge Base Article 2830397 update is not installed
| [83886] Microsoft Windows Knowledge Base Article 2830399 update is not installed
| [83884] Microsoft Windows Knowledge Base Article 2834692 update is not installed
| [83882] Microsoft Windows Knowledge Base Article 2834695 update is not installed
| [83880] Microsoft Windows Knowledge Base Article 2836440 update is not installed
| [83876] Microsoft Windows Knowledge Base Article 2840221 update is not installed
| [83192] Microsoft Windows Knowledge Base Article 2817183 update is not installed
| [83100] Microsoft Windows Knowledge Base Article 2830914 update is not installed
| [83098] Microsoft Windows Knowledge Base Article 2829996 update is not installed
| [83093] Microsoft Windows Knowledge Base Article 2828223 update is not installed
| [83091] Microsoft Windows Knowledge Base Article 2813170 update is not installed
| [83088] Microsoft Windows Knowledge Base Article 2827663 update is not installed
| [83086] Microsoft Windows Knowledge Base Article 2823482 update is not installed
| [83084] Microsoft Windows Knowledge Base Article 2821818 update is not installed
| [83082] Microsoft Windows Knowledge Base Article 2820917 update is not installed
| [82600] Microsoft Windows Knowledge Base Article 2813707 update is not installed
| [82424] Microsoft Windows Knowledge Base Article 2814124 update is not installed
| [82422] Microsoft Windows Knowledge Base Article 2780176 update is not installed
| [82401] Microsoft Windows Knowledge Base Article 2813682 update is not installed
| [82399] Microsoft Windows Knowledge Base Article 2816264 update is not installed
| [81683] Microsoft Windows Knowledge Base Article 2780091 update is not installed
| [81681] Microsoft Windows Knowledge Base Article 2784242 update is not installed
| [81680] Microsoft Windows Knowledge Base Article 2790113 update is not installed
| [81678] Microsoft Windows Knowledge Base Article 2790655 update is not installed
| [81676] Microsoft Windows Knowledge Base Article 2790978 update is not installed
| [81674] Microsoft Windows Knowledge Base Article 2797052 update is not installed
| [81672] Microsoft Windows Knowledge Base Article 2799494 update is not installed
| [81666] Microsoft Windows Knowledge Base Article 2778344 update is not installed
| [81634] Microsoft Windows Knowledge Base Article 2792100 update is not installed
| [81339] Microsoft Windows Knowledge Base Article 2799329 update is not installed
| [80875] Microsoft Windows Knowledge Base Article 2756145 update is not installed
| [80872] Microsoft Windows Knowledge Base Article 2769324 update is not installed
| [80867] Microsoft Windows Knowledge Base Article 2769327 update is not installed
| [80865] Microsoft Windows Knowledge Base Article 2769369 update is not installed
| [80863] Microsoft Windows Knowledge Base Article 2778930 update is not installed
| [80861] Microsoft Windows Knowledge Base Article 2785220 update is not installed
| [80365] Microsoft Windows Knowledge Base Article 2761465 update is not installed
| [80360] Microsoft Windows Knowledge Base Article 2765809 update is not installed
| [80358] Microsoft Windows Knowledge Base Article 2770660 update is not installed
| [80356] Microsoft Windows Knowledge Base Article 2780642 update is not installed
| [80352] Microsoft Windows Knowledge Base Article 2783534 update is not installed
| [80349] Microsoft Windows Knowledge Base Article 2784126 update is not installed
| [79693] Microsoft Windows Knowledge Base Article 2745030 update is not installed
| [79687] Microsoft Windows Knowledge Base Article 2761451 update is not installed
| [79683] Microsoft Windows Knowledge Base Article 2761226 update is not installed
| [79679] Microsoft Windows Knowledge Base Article 2758857 update is not installed
| [79677] Microsoft Windows Knowledge Base Article 2727528 update is not installed
| [78864] Microsoft Windows Knowledge Base Article 2754670 update is not installed
| [78862] Microsoft Windows Knowledge Base Article 2743555 update is not installed
| [78858] Microsoft Windows Knowledge Base Article 2754849 update is not installed
| [78856] Microsoft Windows Knowledge Base Article 2724197 update is not installed
| [78853] Microsoft Windows Knowledge Base Article 2741517 update is not installed
| [78851] Microsoft Windows Knowledge Base Article 2742319 update is not installed
| [78848] Microsoft Windows Knowledge Base Article 2742321 update is not installed
| [78760] Microsoft Windows Knowledge Base Article 2744842 update is not installed
| [78077] Microsoft Windows Knowledge Base Article 2741528 update is not installed
| [78075] Microsoft Windows Knowledge Base Article 2720184 update is not installed
| [78071] Microsoft Windows Knowledge Base Article 2748552 update is not installed
| [77512] Microsoft Windows Knowledge Base Article 2740358 update is not installed
| [77362] Microsoft Windows Knowledge Base Article 2733918 update is not installed
| [77360] Microsoft Windows Knowledge Base Article 2733829 update is not installed
| [77357] Microsoft Windows Knowledge Base Article 2733594 update is not installed
| [77352] Microsoft Windows Knowledge Base Article 2731879 update is not installed
| [77350] Microsoft Windows Knowledge Base Article 2731847 update is not installed
| [77348] Microsoft Windows Knowledge Base Article 2723135 update is not installed
| [77346] Microsoft Windows Knowledge Base Article 2722913 update is not installed
| [77342] Microsoft Windows Knowledge Base Article 2720573 update is not installed
| [77325] Microsoft Windows Knowledge Base Article 2719584 update is not installed
| [76808] Microsoft Windows Knowledge Base Article 2721015 update is not installed
| [76725] Microsoft Windows Knowledge Base Article 2722479 update is not installed
| [76724] Microsoft Windows Knowledge Base Article 2719177 update is not installed
| [76721] Microsoft Windows Knowledge Base Article 2718523 update is not installed
| [76718] Microsoft Windows Knowledge Base Article 2698365 update is not installed
| [76711] Microsoft Windows Knowledge Base Article 2695502 update is not installed
| [76704] Microsoft Windows Knowledge Base Article 2691442 update is not installed
| [76702] Microsoft Windows Knowledge Base Article 2655992 update is not installed
| [75963] Microsoft Windows Knowledge Base Article 2699988 update is not installed
| [75939] Microsoft Windows Knowledge Base Article 2685939 update is not installed
| [75928] Microsoft Windows Knowledge Base Article 2711167 update is not installed
| [75136] Microsoft Windows Knowledge Base Article 2693777 update is not installed
| [75132] Microsoft Windows Knowledge Base Article 2690533 update is not installed
| [75130] Microsoft Windows Knowledge Base Article 2688338 update is not installed
| [75127] Microsoft Windows Knowledge Base Article 2681578 update is not installed
| [75123] Microsoft Windows Knowledge Base Article 2680352 update is not installed
| [75116] Microsoft Windows Knowledge Base Article 2597981 update is not installed
| [74556] Microsoft Windows Knowledge Base Article 2639185 update is not installed
| [74384] Microsoft Windows Knowledge Base Article 2675157 update is not installed
| [74378] Microsoft Windows Knowledge Base Article 2671605 update is not installed
| [74373] Microsoft Windows Knowledge Base Article 2664258 update is not installed
| [74369] Microsoft Windows Knowledge Base Article 2663860 update is not installed
| [73543] Microsoft Windows Knowledge Base Article 2671387 update is not installed
| [73540] Microsoft Windows Knowledge Base Article 2665364 update is not installed
| [73538] Microsoft Windows Knowledge Base Article 2651019 update is not installed
| [73536] Microsoft Windows Knowledge Base Article 2651018 update is not installed
| [73533] Microsoft Windows Knowledge Base Article 2647170 update is not installed
| [73530] Microsoft Windows Knowledge Base Article 2641653 update is not installed
| [72887] Microsoft Windows Knowledge Base Article 2663841 update is not installed
| [72873] Microsoft Windows Knowledge Base Article 2663830 update is not installed
| [72867] Microsoft Windows Knowledge Base Article 2663510 update is not installed
| [72857] Microsoft Windows Knowledge Base Article 2661637 update is not installed
| [72855] Microsoft Windows Knowledge Base Article 2660465 update is not installed
| [72853] Microsoft Windows Knowledge Base Article 2653956 update is not installed
| [72851] Microsoft Windows Knowledge Base Article 2654428 update is not installed
| [72849] Microsoft Windows Knowledge Base Article 2651026 update is not installed
| [72846] Microsoft Windows Knowledge Base Article 2647516 update is not installed
| [72841] Microsoft Windows Knowledge Base Article 2645640 update is not installed
| [72838] Microsoft Windows Knowledge Base Article 2643719 update is not installed
| [72029] Microsoft Windows Knowledge Base Article 2638420 update is not installed
| [72003] Microsoft Windows Knowledge Base Article 2646524 update is not installed
| [71998] Microsoft Windows Knowledge Base Article 2644615 update is not installed
| [71995] Microsoft Windows Knowledge Base Article 2643584 update is not installed
| [71994] Microsoft Windows Knowledge Base Article 2636391 update is not installed
| [71565] Microsoft Windows Knowledge Base Article 2648048 update is not installed
| [71562] Microsoft Windows Knowledge Base Article 2640241 update is not installed
| [71560] Microsoft Windows Knowledge Base Article 2640045 update is not installed
| [71558] Microsoft Windows Knowledge Base Article 2639417 update is not installed
| [71557] Microsoft Windows Knowledge Base Article 2639142 update is not installed
| [71554] Microsoft Windows Knowledge Base Article 2633171 update is not installed
| [71552] Microsoft Windows Knowledge Base Article 2624667 update is not installed
| [71550] Microsoft Windows Knowledge Base Article 2620712 update is not installed
| [71548] Microsoft Windows Knowledge Base Article 2618451 update is not installed
| [71546] Microsoft Windows Knowledge Base Article 2618444 update is not installed
| [71538] Microsoft Windows Knowledge Base Article 2590602 update is not installed
| [70951] Microsoft Windows Knowledge Base Article 2630837 update is not installed
| [70949] Microsoft Windows Knowledge Base Article 2620704 update is not installed
| [70947] Microsoft Windows Knowledge Base Article 2617657 update is not installed
| [70943] Microsoft Windows Knowledge Base Article 2588516 update is not installed
| [70152] Microsoft Windows Knowledge Base Article 2623699 update is not installed
| [70140] Microsoft Windows Knowledge Base Article 2652016 update is not installed
| [70130] Microsoft Windows Knowledge Base Article 2586448 update is not installed
| [70115] Microsoft Windows Knowledge Base Article 2567053 update is not installed
| [69501] Microsoft Windows Knowledge Base Article 2587634 update is not installed
| [69498] Microsoft Windows Knowledge Base Article 2587505 update is not installed
| [69492] Microsoft Windows Knowledge Base Article 2571621 update is not installed
| [69490] Microsoft Windows Knowledge Base Article 2570947 update is not installed
| [68840] Microsoft Windows Knowledge Base Article 2451858 update is not installed
| [68833] Microsoft Windows Knowledge Base Article 2567943 update is not installed
| [68831] Microsoft Windows Knowledge Base Article 2570222 update is not installed
| [68829] Microsoft Windows Knowledge Base Article 2567951 update is not installed
| [68827] Microsoft Windows Knowledge Base Article 2578230 update is not installed
| [68825] Microsoft Windows Knowledge Base Article 2546250 update is not installed
| [68823] Microsoft Windows Knowledge Base Article 2559049 update is not installed
| [68816] Microsoft Windows Knowledge Base Article 2556532 update is not installed
| [68814] Microsoft Windows Knowledge Base Article 2560656 update is not installed
| [68812] Microsoft Windows Knowledge Base Article 2560978 update is not installed
| [68809] Microsoft Windows Knowledge Base Article 2562485 update is not installed
| [68806] Microsoft Windows Knowledge Base Article 2566454 update is not installed
| [68804] Microsoft Windows Knowledge Base Article 2563894 update is not installed
| [68801] Microsoft Windows Knowledge Base Article 2567680 update is not installed
| [68315] Microsoft Windows Knowledge Base Article 2555917 update is not installed
| [68299] Microsoft Windows Knowledge Base Article 2566220 update is not installed
| [68283] Microsoft Windows Knowledge Base Article 2560847 update is not installed
| [67955] Microsoft Windows Knowledge Base Article 2530548 update is not installed
| [67943] Microsoft Windows Knowledge Base Article 2544521 update is not installed
| [67762] Microsoft Windows Knowledge Base Article 2543893 update is not installed
| [67759] Microsoft Windows Knowledge Base Article 2544893 update is not installed
| [67757] Microsoft Windows Knowledge Base Article 2476490 update is not installed
| [67753] Microsoft Windows Knowledge Base Article 2514842 update is not installed
| [67751] Microsoft Windows Knowledge Base Article 2518295 update is not installed
| [67737] Microsoft Windows Knowledge Base Article 2520426 update is not installed
| [67733] Microsoft Windows Knowledge Base Article 2525694 update is not installed
| [67731] Microsoft Windows Knowledge Base Article 2525835 update is not installed
| [67728] Microsoft Windows Knowledge Base Article 2535512 update is not installed
| [67725] Microsoft Windows Knowledge Base Article 2536275 update is not installed
| [67722] Microsoft Windows Knowledge Base Article 2536276 update is not installed
| [67718] Microsoft Windows Knowledge Base Article 2537146 update is not installed
| [67709] Microsoft Windows Knowledge Base Article 2538814 update is not installed
| [67302] Microsoft Windows Knowledge Base Article 2545814 update is not installed
| [67101] Microsoft Windows Knowledge Base Article 2524426 update is not installed
| [66446] Microsoft Windows Knowledge Base Article 2514666 update is not installed
| [66444] Microsoft Windows Knowledge Base Article 2511455 update is not installed
| [66436] Microsoft Windows Knowledge Base Article 2497640 update is not installed
| [66432] Microsoft Windows Knowledge Base Article 2527308 update is not installed
| [66428] Microsoft Windows Knowledge Base Article 2489979 update is not installed
| [66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation
| [66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation
| [66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation
| [66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation
| [66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation
| [66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation
| [66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation
| [66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation
| [66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation
| [66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation
| [66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege escalation
| [66394] Microsoft Windows Knowledge Base Article 2485663 update is not installed
| [65588] Microsoft Windows Knowledge Base Article 2489279 update is not installed
| [65581] Microsoft Windows Knowledge Base Article 2510030 update is not installed
| [65580] Microsoft Windows Knowledge Base Article 2489283 update is not installed
| [65575] Microsoft Windows Knowledge Base Article 2489293 update is not installed
| [65573] Microsoft Windows Knowledge Base Article 2494047 update is not installed
| [64973] Microsoft Windows Knowledge Base Article 2478960 update is not installed
| [64971] Microsoft Windows Knowledge Base Article 2479628 update is not installed
| [64927] Microsoft Windows Knowledge Base Article 2393802 update is not installed
| [64925] Microsoft Windows Knowledge Base Article 2451879 update is not installed
| [64920] Microsoft Windows Knowledge Base Article 2475792 update is not installed
| [64918] Microsoft Windows Knowledge Base Article 2476687 update is not installed
| [64916] Microsoft Windows Knowledge Base Article 2478953 update is not installed
| [64914] Microsoft Windows Knowledge Base Article 2482017 update is not installed
| [64910] Microsoft Windows Knowledge Base Article 2483185 update is not installed
5973| [64909] Microsoft Windows Knowledge Base Article 2484015 update is not installed
5974| [64907] Microsoft Windows Knowledge Base Article 2485376 update is not installed
5975| [64905] Microsoft Windows Knowledge Base Article 2489256 update is not installed
5976| [64902] Microsoft Windows Knowledge Base Article 2496930 update is not installed
5977| [64342] Microsoft Windows Knowledge Base Article 2451910 update is not installed
5978| [64339] Microsoft Windows Knowledge Base Article 2478935 update is not installed
5979| [63584] Microsoft Windows Knowledge Base Article 2424434 update is not installed
5980| [63582] Microsoft Windows Knowledge Base Article 2423089 update is not installed
5981| [63580] Microsoft Windows Knowledge Base Article 2436673 update is not installed
5982| [63571] Microsoft Windows Knowledge Base Article 2440591 update is not installed
5983| [63569] Microsoft Windows Knowledge Base Article 2385678 update is not installed
5984| [63566] Microsoft Windows Knowledge Base Article 2442962 update is not installed
5985| [63564] Microsoft Windows Knowledge Base Article 2345316 update is not installed
5986| [63562] Microsoft Windows Knowledge Base Article 2296199 update is not installed
5987| [63558] Microsoft Windows Knowledge Base Article 2416400 update is not installed
5988| [63550] Microsoft Windows Knowledge Base Article 2447961 update is not installed
5989| [63548] Microsoft Windows Knowledge Base Article 2443105 update is not installed
5990| [63546] Microsoft Windows Knowledge Base Article 2455005 update is not installed
5991| [63544] Microsoft Windows Knowledge Base Article 2292970 update is not installed
5992| [62805] Microsoft Windows Knowledge Base Article 2316074 update is not installed
5993| [62793] Microsoft Windows Knowledge Base Article 2293386 update is not installed
5994| [62789] Microsoft Windows Knowledge Base Article 2423930 update is not installed
5995| [62170] Microsoft Windows Knowledge Base Article 2296011 update is not installed
5996| [62166] Microsoft Windows Knowledge Base Article 2294255 update is not installed
5997| [62163] Microsoft Windows Knowledge Base Article 2281679 update is not installed
5998| [62154] Microsoft Windows Knowledge Base Article 2279986 update is not installed
5999| [62147] Microsoft Windows Knowledge Base Article 2160841 update is not installed
6000| [62134] Microsoft Windows Knowledge Base Article 2412048 update is not installed
6001| [62129] Microsoft Windows Knowledge Base Article 2387149 update is not installed
6002| [62126] Microsoft Windows Knowledge Base Article 2378111 update is not installed
6003| [62123] Microsoft Windows Knowledge Base Article 2360937 update is not installed
6004| [62118] Microsoft Windows Knowledge Base Article 2293211 update is not installed
6005| [62104] Microsoft Windows Knowledge Base Article 2360131 update is not installed
6006| [62098] Microsoft Windows Knowledge Base Article 2293194 update is not installed
6007| [62069] Microsoft Windows Knowledge Base Article 2418042 update is not installed
6008| [61519] Microsoft Windows Knowledge Base Article 2121546 update is not installed
6009| [61517] Microsoft Windows Knowledge Base Article 2259922 update is not installed
6010| [61514] Microsoft Windows Knowledge Base Article 2267960 update is not installed
6011| [61510] Microsoft Windows Knowledge Base Article 2315011 update is not installed
6012| [61507] Microsoft Windows Knowledge Base Article 2320113 update is not installed
6013| [61504] Microsoft Windows Knowledge Base Article 2347290 update is not installed
6014| [60736] Microsoft Windows Knowledge Base Article 2265906 update is not installed
6015| [60734] Microsoft Windows Knowledge Base Article 2269638 update is not installed
6016| [60728] Microsoft Windows Knowledge Base Article 2269707 update is not installed
6017| [60724] Microsoft Windows Knowledge Base Article 2286198 update is not installed
6018| [60713] Microsoft Windows Knowledge Base Article 2183461 update is not installed
6019| [60698] Microsoft Windows Knowledge Base Article 2160329 update is not installed
6020| [60686] Microsoft Windows Knowledge Base Article 2115168 update is not installed
6021| [60684] Microsoft Windows Knowledge Base Article 2079403 update is not installed
6022| [60680] Microsoft Windows Knowledge Base Article 2264072 update is not installed
6023| [59901] Microsoft Windows Knowledge Base Article 2229593 update is not installed
6024| [59898] Microsoft Windows Knowledge Base Article 2229593 update is not installed
6025| [58913] Microsoft Windows Knowledge Base Article 2027452 update is not installed
6026| [58891] Microsoft Windows Knowledge Base Article 2028554 update is not installed
6027| [17004] Microsoft Windows XP Service Pack 2 is not installed on the system
6028| [9187] Microsoft Passport SDK 2.1 Component Configuration Document (CCD) permission
6029| [9146] Microsoft Passport SDK 2.1 events reporting disabled
6030| [9068] Microsoft Passport SDK 2.1 registry default permission exposure
6031| [9067] Microsoft Passport SDK 2.1 default test site exposure
6032| [9066] Microsoft Passport SDK 2.1 Adventure Works Sample Site exposure
6033| [9065] Microsoft Passport SDK 2.1 Adventure Works Sample Site global.asa file default permission exposure
6034| [9064] Microsoft Passport SDK 2.1 default time window exposure
6035| [1271] Microsoft IIS version 2 installed
6036| [621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
6037|
| Exploit-DB - https://www.exploit-db.com:
| [30756] Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
| [30749] Microsoft Office 2003 Web Component Memory Access Violation Denial of Service Vulnerability
| [30636] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2)
| [30635] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1)
| [30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities
| [29664] Microsoft Office Publisher 2007 - Remote Denial of Service (DoS) Vulnerability
| [29660] Microsoft Office 2003 - Denial of Service (DoS) Vulnerability
| [29630] Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability
| [29524] Microsoft Word 2000 - Malformed Function Code Execution Vulnerability
| [28420] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
| [28357] Microsoft Windows Explorer 2000/2003/XP Drag and Drop Remote Code Execution Vulnerability
| [28227] Microsoft Windows 2000/XP Registry Access Local Denial of Service Vulnerability
| [28226] Microsoft PowerPoint 2003 PPT File Closure Memory Corruption
| [28225] Microsoft PowerPoint 2003 powerpnt.exe Unspecified Issue
| [28224] Microsoft PowerPoint 2003 mso.dll PPT Processing Unspecified Code Execution
| [28198] Microsoft Office 2000/2002 Property Code Execution Vulnerability
| [28189] Microsoft Excel 2000-2004 Style Handling and Repair Remote Code Execution Vulnerability
| [28087] Microsoft Office 2003 Embedded Shockwave Flash Object Security Bypass Weakness
| [28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
| [26690] Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability
| [26517] Microsoft Office PowerPoint 2007 - Crash PoC
| [26341] Microsoft Windows 2000/2003/XP MSDTC TIP Denial of Service Vulnerability
| [26222] Microsoft Windows 2000/2003/XP Keyboard Event Privilege Escalation Weakness
| [25384] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (2)
| [25383] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1)
| [25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
| [25085] Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability
| [25084] Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability
| [25050] Microsoft Windows 2000/2003/XP winhlp32 Phrase Heap Overflow Vulnerability
| [25049] Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability
| [24686] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
| [24277] Microsoft Windows 2000/NT 4 POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability
| [24114] Microsoft Outlook 2003Mail Client E-mail Address Verification Weakness
| [24101] Microsoft Outlook 2003 Predictable File Location Weakness
| [23989] Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability
| [23796] Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
| [23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
| [22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
| [22883] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)
| [22882] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)
| [22837] Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow
| [22782] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
| [22591] Microsoft Office Excel 2007 - WriteAV Crash PoC
| [22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection
| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
| [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
| [22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
| [22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
| [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
| [21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability
| [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
| [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
| [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
| [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
| [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
| [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
| [21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)
| [21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
| [21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
| [21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
| [21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2)
| [21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1)
| [21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2)
| [21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1)
| [21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
| [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
| [21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
| [21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
| [21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
| [20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability
| [20802] Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability
| [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
| [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
| [20481] Microsoft IIS 2.0/3.0 Appended Dot Script Source Disclosure Vulnerability
| [20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
| [20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability
| [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
| [20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
| [20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
| [20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
| [20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
| [20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
| [20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
| [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
| [20096] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability
| [20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability
| [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
| [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
| [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
| [19734] Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability
| [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
| [19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
| [19376] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability
| [19143] "Microsoft Windows ""April Fools 2001"" Vulnerability"
| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
| [18334] Microsoft Office 2003 Home/Pro 0day
| [18087] MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
| [18078] Microsoft Excel 2003 11.8335.8333 Use After Free
| [18067] Microsoft Excel 2007 SP2 Buffer Overwrite Exploit
| [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit"
| [14971] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow
| [14782] Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)
| [14746] Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)
| [14744] Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)
| [12450] Microsoft SharePoint Server 2007 XSS Vulnerability
| [10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution
| [4121] Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC
| [3973] Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit
| [3690] microsoft office word 2007 - Multiple Vulnerabilities
| [3260] Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
| [2523] Microsoft Office 2003 PPT Local Buffer Overflow PoC
| [2091] Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french)
| [2001] Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability
| [1999] Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC
| [1988] Microsoft Excel 2003 Hlink Local Buffer Overflow Exploit (italian)
| [1986] Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french)
| [1958] Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit
| [28238] Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067
| [23034] Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness
| [22850] Microsoft Office OneNote 2010 Crash PoC
| [22679] Microsoft Visio 2010 Crash PoC
| [22655] Microsoft Publisher 2013 Crash PoC
| [22621] Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability
| [22330] Microsoft Office Excel 2010 Crash PoC
| [22310] Microsoft Office Publisher 2010 Crash PoC
| [22237] Microsoft Office Picture Manager 2010 Crash PoC
| [22215] Microsoft Office Word 2010 Crash PoC
| [19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability
| [19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability
| [19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability
| [17164] Microsoft Reader <= 2.1.1.3143 NULL Byte Write
| [17163] Microsoft Reader <= 2.1.1.3143 Array Overflow
| [17162] Microsoft Reader <= 2.1.1.3143 Integer Overflow
| [17161] Microsoft Reader <= 2.1.1.3143 Heap Overflow
| [17160] Microsoft Reader <= 2.1.1.3143 Integer Overflow
| [14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
| [14723] Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
|
| SecurityTracker - https://www.securitytracker.com:
| [1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
| [1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users
| [1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
| [1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
| [1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
| [1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users
| [1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server
| [1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
| [1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
| [1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
| [1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
| [1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
| [1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
| [1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
| [1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
| [1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System
| [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
| [1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes
| [1006280] Protegrity Secure.Data for Microsoft SQL Server 2000 Contains Buffer Oveflows That Let Remote Users Execute Arbitrary Code
| [1005254] Microsoft NT, 2000, and XP Operating Systems May Execute a 16-bit Application Even When The File Has No Execute Permissions
| [1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited
| [1004587] Microsoft SQL Server 2000 Buffer Overflow in OpenDataSource() Function May Let Remote Users Gain SYSTEM Privileges on the Server
| [1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks
| [1004527] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains a Buffer Overflow That Lets Remote Users Take Full Control of the System
| [1004407] Microsoft Exchange 2000 Flaw in Processing a Certain Malformed SMTP Command Allows Remote Users to Deny Service to the Server
| [1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges
| [1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending Malformed Packets
| [1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded
| [1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges
| [1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users
| [1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress
| [1003688] Microsoft Exchange Server 2000 Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
| [1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
| [1003634] Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files
| [1003629] Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server
| [1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges
| [1003469] Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings
| [1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains
| [1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users
| [1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address
| [1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users
| [1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
| [1002729] Microsoft Windows 2000 RunAs Service Allows Local Users to Disable the Service
| [1002356] Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
| [1002206] Microsoft Internet Security and Acceleration (ISA) Server 2000 Can Be Disrupted By Remote Users Due to Memory Leaks and Also Allows Cross-Site Scripting Attacks
| [1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System
| [1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users
| [1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak
| [1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance
| [1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service
| [1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL
| [1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server
| [1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges
| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
| [1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files
| [1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users
| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
| [1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations
| [1001088] Microsoft Internet Explorer with Services for Unix 2.0 Can Create Malicious Files on the User's Host
|
| OSVDB - http://www.osvdb.org:
| [90257] Microsoft Windows Server 2003 ICACLS.EXE Permission Inheritance Weakness
| [86790] Microsoft Virtual PC 2007 Crafted x86 Instruction Sequence Handling Local DoS
| [86061] Microsoft Windows Server 2008 R1 CSRSS ReadConsole / CloseHandle Local DoS
| [79442] Microsoft Windows Server 2008 DNS Server Service Cache Update Policy Deleted Domain Name Resolving Weakness
| [72670] Microsoft Windows Server 2003 ActiveDirectory BROWSER ELECTION Remote Overflow
| [68554] Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permission Weakness
| [62251] Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS
| [60329] Microsoft Windows 2000 NetBIOS Continuation Packet Remote DoS
| [59733] Microsoft Windows 2000 Terminal Services Screensaver Screen Minimization Locking Weakness
| [59731] Microsoft Windows 2000 DCOM Client Alter Context Request Remote Information Disclosure
| [59730] Microsoft Windows 2000 Terminal Services Disconnect Feature Local Privilege Escalation
| [59514] Microsoft Windows 2000 Task Manager Uppercase Process Name Termination Weakness
| [59509] Microsoft Windows 2000 Encrypted File System Cleartext Backup File Local Disclosure
| [59346] Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS
| [55836] Microsoft ISA Server 2006 Radius OTP Security Bypass
| [53663] Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption
| [50589] Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow
| [37629] Microsoft Windows 2000 RPC Authentication Unspecified Information Disclosure
| [37628] Microsoft Windows 2000 RPC Authentication Crafted Request Remote DoS
| [36034] Microsoft Office 2000 Controllo ActiveX (OUACTRL.OCX) HelpPopup Method Overflow
| [34489] Microsoft Office 2003 Malformed WMF File Handling DoS
| [34488] Microsoft Excel 2003 XLS Handling Corrupt Format DoS
| [31251] Microsoft Office 2003 Brazilian Portuguese Grammar Checker Arbitrary Code Execution
| [29529] Microsoft Windows 2000 creator.dll ActiveX COM Object Memory Corruption
| [29528] Microsoft Windows 2000 msdxm.ocx ActiveX COM Object Memory Corruption
| [29527] Microsoft Windows 2000 myinfo.dll ActiveX COM Object Memory Corruption
| [29526] Microsoft Windows 2000 ciodm.dll ActiveX COM Object Memory Corruption
| [28539] Microsoft Word 2000 Unspecified Code Execution
| [24121] Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
| [24081] Microsoft Outlook 2003 Unspecified Malformed Word Attachment DoS
| [23484] Microsoft SQLServer 2000 sp_addalias Procedure Privileged Alias Creation
| [23234] Microsoft SQLServer 2000 Unspecified Invalid Client Buffer DoS
| [23231] Microsoft SQL Server 2000 SQL Profiler Multiple Method DoS
| [23205] Microsoft SQLServer 2000 Crafted Sort Command User Mode Scheduler (UMS) Bypass DoS
| [23203] Microsoft SQL Server 2000 Database Name Transact-SQL Statement Privilege Escalation
| [23202] Microsoft SQLServer 2000 sysmembers Virtual Table Query Overflow
| [23201] Microsoft SQL Server 2000 Dynamic Transact-SQL Statement Disclosure
| [23200] Microsoft SQLServer 2000 Encrypted Stored Procedure Dynamic Query Disclosure
| [21907] Microsoft Office InfoPath 2003 Mshtml.dll Form Handling DoS
| [21598] Microsoft Windows 2000 NetBIOS Port Malformed TCP Packet Parsing Remote DoS
| [20256] Microsoft Windows 2000 NTFS Volume Macintosh Client Directory Permission Modification
| [20222] Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure
| [20221] Microsoft Windows 2000 runas.exe Named Pipe Single Thread DoS
| [20220] Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure
| [20002] Microsoft Windows 2000 CHKDSK Fix Mode File ACL Failure
| [20001] Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure
| [20000] Microsoft Windows 2000 Domain Administrator Computer Lock Bypass
| [19999] Microsoft Windows 2000 FQDN Domain Login Password Expiry Bypass
| [19998] Microsoft Windows 2000 UPN Credentialed Login Group Policy Failure
| [19997] Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue
| [19996] Microsoft Windows 2000 Event ID 1704 Group Policy Failure
| [19995] Microsoft Windows 2000 SECEDIT Long Folder ACL Set Issue
| [19994] Microsoft Windows 2000 audit directory service access 565 Event Logging Failure
| [19993] Microsoft Windows 2000 LDAPS CA Trust Issue
| [19264] Microsoft Exchange Server 2003 Crafted IMAP4 Folder Listing Request DoS
| [17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS
| [15343] Microsoft Windows Server 2003 Malformed HTTP Cookie Header CGI DoS
| [15341] Microsoft Windows Server 2003 SMB Redirector Processing DoS
| [15340] Microsoft Windows Server 2003 Terminal Service Client Print DoS
| [15338] Microsoft Windows Server 2003 Terminal Session Close DoS
| [15337] Microsoft Windows Server 2003 CreateProcessWithLogonW() Function Process Disclosure
| [15336] Microsoft Windows Server 2003 Shutdown.exe Shut Down Failure
| [15335] Microsoft Windows Server 2003 MIT Kerberos Realm Authentication Group Policy Failure
| [15334] Microsoft Windows Server 2003 Shared Folder Permission Weakness
| [15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
6321| [15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
6322| [15332] Microsoft Windows Server 2003 Citrix Metaframe Encryption Policy Failure
6323| [15331] Microsoft Windows Server 2003 Home Folder Path Permission Inheritance Failure
6324| [14617] Microsoft Exchange Server 2003 Folder Handling DoS
6325| [14430] Microsoft Commerce Server 2000 Profile Service Affected API Overflow
6326| [13996] Microsoft Windows 2000 IKE Malformed Packet Saturation Remote DoS
6327| [13762] Microsoft 2000 Domain Controller Directory Service Restore Mode Blank Password
6328| [13761] Microsoft Exchange 2000 Malformed URL Request DoS
6329| [13475] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant
6330| [13474] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution
6331| [13441] Microsoft Windows 2000 Security Interface Change Password Option Account Enumeration
6332| [13437] Microsoft Windows 2000 Debug Register Local Privilege Escalation
6333| [13424] Microsoft Windows 2000 Current Password Change Policy Bypass
6334| [13423] Microsoft Windows 2000 Terminal Server SYSVOL Share Connection Saturation Restriction Bypass
6335| [13415] Microsoft Windows 2000 System Root Folder Search Path Permission Weakness
6336| [13410] Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution
6337| [11958] Microsoft Outlook 2003 Image Rendering Security Policy Bypass
6338| [11945] Microsoft Outlook 2002 IFRAME Tag Embedded URL
6339| [11944] Microsoft Outlook 2002 HREF Tag Embedded JavaScript Execution
6340| [11750] Microsoft Windows 2000 Message Queue Manager Queue Registration Request Overflow DoS
6341| [11712] Microsoft ISA Server 2000 H.323 Filter Overflow
6342| [10633] Microsoft Windows 2000 Protected Store Weak Encryption Default
6343| [9386] Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow
6344| [8243] Microsoft SMS Port 2702 DoS
6345| [7202] Microsoft PowerPoint 2000 File Loader Overflow
6346| [7179] Microsoft Windows 2000 Event Viewer Snap-in Overflow
6347| [6971] Microsoft ISA Server 2000 ICMP Rule Bypass During Startup
6348| [6970] Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure
6349| [6969] Microsoft ISA Server 2000 Invalid DNS Request DoS
6350| [6968] Microsoft ISA Server 2000 FTP Port Scan Bounce Weakness
6351| [6967] Microsoft ISA Server 2000 UDP Packet Winsock DoS
6352| [6965] Microsoft ISA Server 2000 SSL Packet DoS
6353| [6964] Microsoft ISA Server 2000 DNS Intrusion Detection Filter DoS
6354| [6515] Microsoft Windows 2000 Domain Expired Account Authentication
6355| [5179] Microsoft Windows 2000 microsoft-ds DoS
6356| [5171] Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script
6357| [4779] Microsoft Desktop Engine (MSDE) 2000 Stored Procedure SQL Injection
6358| [4778] Microsoft SQL Server 2000 Stored Procedure SQL Injection
6359| [4777] Microsoft Desktop Engine (MSDE) 2000 Database Consistency Checkers (DBCCs) Overflow
6360| [4776] Microsoft SQL Server 2000 Database Consistency Checkers (DBCCs) 2000 Overflow
6361| [4170] Microsoft Windows 2000 Server Media Services TCP Packet Handling Remote DoS
6362| [4168] Microsoft Outlook 2002 mailto URI Script Injection
6363| [3490] Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure
6364| [2705] Microsoft Windows 2000 Windows Troubleshooter ActiveX Overflow
6365| [2655] Microsoft Windows Server 2003 Shell Folders Arbitrary File Access
6366| [2540] Microsoft Windows 2003 Server Buffer Overflow Protection Mechanism Bypass
6367| [2244] Microsoft Windows 2000 ShellExecute() API Let
6368| [2237] Microsoft Windows 2000 Active Directory Lsass.exe Overflow
6369| [1949] Symantec Norton Anti-Virus for Microsoft Exchange 2000 INBOX Path Information Disclosure
6370| [1764] Microsoft Windows 2000 Domain Controller DoS
6371| [1758] Microsoft Windows 2000 Network DDE Escalated Privileges
6372| [1755] Microsoft Windows 2000 RDP Malformed Packet Handling Remote DoS
6373| [1672] Microsoft Windows 2000 Telnet Session Timeout DoS
6374| [1633] Microsoft Windows 2000 System Monitor ActiveX LogFileName Parameter Validation Overflow
6375| [1621] Microsoft Indexing Services for Windows 2000 .htw XSS
6376| [1591] Microsoft Windows 2000 OEMPreinstall Installation Permission Weakness
6377| [1578] Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation
6378| [1500] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow
6379| [1437] Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS
6380| [1399] Microsoft Windows 2000 Windows Station Access
6381| [1328] Microsoft Office 2000 UA Control ActiveX (Ouactrl.ocx) Show Me Function Remote Code Execution
6382| [1297] Microsoft Windows 2000 Active Directory Object Attribute
6383| [1292] Microsoft Windows NT 4.0 / 2000 cmd.exe Buffer Overflow
6384| [773] Microsoft Windows 2000 Group Policy File Lock DoS
6385| [515] Microsoft Windows 2000 LDAP Server Arbitrary User Password Modification
6386| [454] Microsoft Windows 2000 NTLM Domain Account Lockout Policy Bypass
6387| [403] Microsoft Windows 2000 Still Image Service WM_USER Message Local Overflow
6388| [398] Microsoft Windows 2000 Malformed RPC Traffic Local Security Policy Corruption DoS
6389| [307] Microsoft FrontPage 2000 Server Extensions shtml.exe Path Disclosure
6390| [69085] Microsoft Office 2010 RTF File Handling pFragments Buffer Overflow Arbitrary Code Execution
6391|_
6392Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
6393Device type: general purpose
6394Running (JUST GUESSING): Linux 2.6.X (86%)
6395OS CPE: cpe:/o:linux:linux_kernel:2.6
6396Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (86%)
6397No exact OS matches for host (test conditions non-ideal).
6398Network Distance: 17 hops
6399TCP Sequence Prediction: Difficulty=261 (Good luck!)
6400IP ID Sequence Generation: All zeros
6401Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
6402
6403TRACEROUTE (using port 443/tcp)
6404HOP RTT ADDRESS
64051 41.17 ms 10.251.200.1
64062 41.26 ms 104.245.145.177
64073 42.56 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
64084 42.81 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
64095 41.98 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
64106 49.40 ms be3259.ccr21.ymq01.atlas.cogentco.com (154.54.41.206)
64117 118.90 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
64128 124.27 ms be2391.ccr51.lhr01.atlas.cogentco.com (154.54.39.149)
64139 126.25 ms be3684.ccr41.par01.atlas.cogentco.com (154.54.60.169)
641410 136.73 ms be3092.ccr21.mrs01.atlas.cogentco.com (130.117.49.154)
641511 183.92 ms stc.demarc.cogentco.com (149.14.124.106)
641612 196.89 ms 10.188.195.49
641713 199.90 ms 10.188.193.44
641814 207.64 ms 10.188.193.41
641915 203.24 ms 84-235-46-21.static.saudi.net.sa (84.235.46.21)
642016 ...
642117 199.29 ms fg.gov.sa (84.235.47.103)
6422
6423NSE: Script Post-scanning.
6424Initiating NSE at 00:54
6425Completed NSE at 00:54, 0.00s elapsed
6426Initiating NSE at 00:54
6427Completed NSE at 00:54, 0.00s elapsed
6428Read data files from: /usr/bin/../share/nmap
6429###############################################################################################
6430Version: 1.11.13-static
6431OpenSSL 1.0.2-chacha (1.0.2g-dev)
6432
6433Connected to 84.235.47.103
6434
6435Testing SSL server 84.235.47.103 on port 443 using SNI name 84.235.47.103
6436
6437 TLS Fallback SCSV:
6438Server supports TLS Fallback SCSV
6439
6440 TLS renegotiation:
6441Secure session renegotiation supported
6442
6443 TLS Compression:
6444Compression disabled
6445
6446 Heartbleed:
6447TLS 1.2 not vulnerable to heartbleed
6448TLS 1.1 not vulnerable to heartbleed
6449TLS 1.0 not vulnerable to heartbleed
6450
6451 Supported Server Cipher(s):
6452Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
6453Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
6454Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
6455Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
6456Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
6457Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
6458Accepted TLSv1.2 256 bits ECDHE-RSA-CAMELLIA256-SHA384 Curve P-256 DHE 256
6459Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA256 DHE 2048 bits
6460Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
6461Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
6462Accepted TLSv1.2 128 bits ECDHE-RSA-CAMELLIA128-SHA256 Curve P-256 DHE 256
6463Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA256 DHE 2048 bits
6464Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
6465Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
6466Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
6467Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
6468Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
6469Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
6470Accepted TLSv1.2 256 bits AES256-GCM-SHA384
6471Accepted TLSv1.2 128 bits AES128-GCM-SHA256
6472Accepted TLSv1.2 256 bits AES256-SHA256
6473Accepted TLSv1.2 256 bits CAMELLIA256-SHA256
6474Accepted TLSv1.2 128 bits AES128-SHA256
6475Accepted TLSv1.2 128 bits CAMELLIA128-SHA256
6476Accepted TLSv1.2 256 bits AES256-SHA
6477Accepted TLSv1.2 256 bits CAMELLIA256-SHA
6478Accepted TLSv1.2 128 bits AES128-SHA
6479Accepted TLSv1.2 128 bits CAMELLIA128-SHA
6480Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
6481Accepted TLSv1.2 128 bits SEED-SHA
6482Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
6483Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
6484Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
6485Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
6486Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
6487Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
6488Accepted TLSv1.1 256 bits AES256-SHA
6489Accepted TLSv1.1 256 bits CAMELLIA256-SHA
6490Accepted TLSv1.1 128 bits AES128-SHA
6491Accepted TLSv1.1 128 bits CAMELLIA128-SHA
6492Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
6493Accepted TLSv1.1 128 bits SEED-SHA
6494Accepted TLSv1.1 128 bits IDEA-CBC-SHA
6495Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
6496Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
6497Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
6498Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
6499Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
6500Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
6501Accepted TLSv1.0 256 bits AES256-SHA
6502Accepted TLSv1.0 256 bits CAMELLIA256-SHA
6503Accepted TLSv1.0 128 bits AES128-SHA
6504Accepted TLSv1.0 128 bits CAMELLIA128-SHA
6505Accepted TLSv1.0 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
6506Accepted TLSv1.0 128 bits SEED-SHA
6507Accepted TLSv1.0 128 bits IDEA-CBC-SHA
6508
6509 SSL Certificate:
6510Signature Algorithm: sha256WithRSAEncryption
6511RSA Key Strength: 2048
6512
6513Subject: fg.gov.sa
6514Altnames: DNS:fg.gov.sa, DNS:www.fg.gov.sa, DNS:mnmc.med.sa, DNS:www.mnmc.med.sa, DNS:jobs.fg.gov.sa
6515Issuer: DigiCert SHA2 Secure Server CA
6516
6517Not valid before: Mar 25 00:00:00 2019 GMT
6518Not valid after: Apr 1 12:00:00 2020 GMT
6519#######################################################################################################################################
6520Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-12 01:02 EDT
6521NSE: Loaded 45 scripts for scanning.
6522NSE: Script Pre-scanning.
6523Initiating NSE at 01:02
6524Completed NSE at 01:02, 0.00s elapsed
6525Initiating NSE at 01:02
6526Completed NSE at 01:02, 0.00s elapsed
6527Initiating Ping Scan at 01:02
6528Scanning 84.235.47.103 [4 ports]
6529Completed Ping Scan at 01:02, 0.23s elapsed (1 total hosts)
6530Initiating Parallel DNS resolution of 1 host. at 01:02
6531Completed Parallel DNS resolution of 1 host. at 01:02, 0.03s elapsed
6532Initiating SYN Stealth Scan at 01:02
6533Scanning fg.gov.sa (84.235.47.103) [65535 ports]
6534Discovered open port 80/tcp on 84.235.47.103
6535Discovered open port 443/tcp on 84.235.47.103
6536SYN Stealth Scan Timing: About 8.19% done; ETC: 01:08 (0:05:47 remaining)
6537SYN Stealth Scan Timing: About 35.57% done; ETC: 01:04 (0:01:51 remaining)
6538SYN Stealth Scan Timing: About 68.93% done; ETC: 01:04 (0:00:41 remaining)
6539Completed SYN Stealth Scan at 01:03, 115.72s elapsed (65535 total ports)
6540Initiating Service scan at 01:03
6541Scanning 2 services on fg.gov.sa (84.235.47.103)
6542Completed Service scan at 01:04, 5.00s elapsed (2 services on 1 host)
6543Initiating OS detection (try #1) against fg.gov.sa (84.235.47.103)
6544Initiating Traceroute at 01:04
6545Completed Traceroute at 01:04, 0.05s elapsed
6546Initiating Parallel DNS resolution of 2 hosts. at 01:04
6547Completed Parallel DNS resolution of 2 hosts. at 01:04, 0.00s elapsed
6548NSE: Script scanning 84.235.47.103.
6549Initiating NSE at 01:04
6550Completed NSE at 01:04, 6.07s elapsed
6551Initiating NSE at 01:04
6552Completed NSE at 01:04, 0.00s elapsed
6553Nmap scan report for fg.gov.sa (84.235.47.103)
6554Host is up (0.037s latency).
6555Not shown: 65529 filtered ports
6556PORT STATE SERVICE VERSION
655725/tcp closed smtp
655880/tcp open tcpwrapped
6559113/tcp closed ident
6560139/tcp closed netbios-ssn
6561443/tcp open tcpwrapped
6562445/tcp closed microsoft-ds
6563Device type: WAP
6564Running: Linux 2.6.X
6565OS CPE: cpe:/o:linux:linux_kernel:2.6.22
6566OS details: Tomato firmware (Linux 2.6.22)
6567Network Distance: 2 hops
6568
6569TRACEROUTE (using port 445/tcp)
6570HOP RTT ADDRESS
65711 39.30 ms 10.251.200.1
65722 39.30 ms fg.gov.sa (84.235.47.103)
6573
6574NSE: Script Post-scanning.
6575Initiating NSE at 01:04
6576Completed NSE at 01:04, 0.00s elapsed
6577Initiating NSE at 01:04
6578Completed NSE at 01:04, 0.00s elapsed
6579Read data files from: /usr/bin/../share/nmap
6580###############################################################################################
6581Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-12 01:04 EDT
6582NSE: Loaded 45 scripts for scanning.
6583NSE: Script Pre-scanning.
6584Initiating NSE at 01:04
6585Completed NSE at 01:04, 0.00s elapsed
6586Initiating NSE at 01:04
6587Completed NSE at 01:04, 0.00s elapsed
6588Initiating Parallel DNS resolution of 1 host. at 01:04
6589Completed Parallel DNS resolution of 1 host. at 01:04, 0.02s elapsed
6590Initiating UDP Scan at 01:04
6591Scanning fg.gov.sa (84.235.47.103) [15 ports]
6592Completed UDP Scan at 01:04, 1.74s elapsed (15 total ports)
6593Initiating Service scan at 01:04
6594Scanning 12 services on fg.gov.sa (84.235.47.103)
6595Service scan Timing: About 8.33% done; ETC: 01:23 (0:17:58 remaining)
6596Completed Service scan at 01:05, 102.59s elapsed (12 services on 1 host)
6597Initiating OS detection (try #1) against fg.gov.sa (84.235.47.103)
6598Initiating Traceroute at 01:05
6599Completed Traceroute at 01:06, 7.09s elapsed
6600Initiating Parallel DNS resolution of 1 host. at 01:06
6601Completed Parallel DNS resolution of 1 host. at 01:06, 0.00s elapsed
6602NSE: Script scanning 84.235.47.103.
6603Initiating NSE at 01:06
6604Completed NSE at 01:06, 7.14s elapsed
6605Initiating NSE at 01:06
6606Completed NSE at 01:06, 1.13s elapsed
6607Nmap scan report for fg.gov.sa (84.235.47.103)
6608Host is up (0.10s latency).
6609
6610PORT STATE SERVICE VERSION
661153/udp open|filtered domain
661267/udp open|filtered dhcps
661368/udp open|filtered dhcpc
661469/udp open|filtered tftp
661588/udp open|filtered kerberos-sec
6616123/udp open|filtered ntp
6617137/udp filtered netbios-ns
6618138/udp filtered netbios-dgm
6619139/udp open|filtered netbios-ssn
6620161/udp open|filtered snmp
6621162/udp open|filtered snmptrap
6622389/udp open|filtered ldap
6623500/udp open|filtered isakmp
6624520/udp closed route
66252049/udp open|filtered nfs
6626Device type: printer|broadband router|general purpose|media device|VoIP phone|WAP
6627Running: HP embedded, Linux 2.4.X|2.6.X, LifeSize embedded, ShoreTel embedded, Microsoft Windows 2003
6628OS CPE: cpe:/o:linux:linux_kernel:2.4.37 cpe:/o:linux:linux_kernel:2.4.21 cpe:/o:linux:linux_kernel:2.4 cpe:/h:shoretel:8800 cpe:/o:linux:linux_kernel:2.6.8 cpe:/o:microsoft:windows_server_2003:::enterprise
6629Too many fingerprints match this host to give specific OS details
6630Network Distance: 16 hops
6631
6632TRACEROUTE (using port 137/udp)
6633HOP RTT ADDRESS
66341 ... 6
66357 33.54 ms 10.251.200.1
66368 ... 9
663710 33.39 ms 10.251.200.1
663811 34.41 ms 10.251.200.1
663912 34.40 ms 10.251.200.1
664013 34.38 ms 10.251.200.1
664114 34.33 ms 10.251.200.1
664215 34.32 ms 10.251.200.1
664316 34.32 ms 10.251.200.1
664417 ... 18
664519 32.47 ms 10.251.200.1
664620 32.88 ms 10.251.200.1
664721 ... 28
664829 33.18 ms 10.251.200.1
664930 36.96 ms 10.251.200.1
6650
6651NSE: Script Post-scanning.
6652Initiating NSE at 01:06
6653Completed NSE at 01:06, 0.00s elapsed
6654Initiating NSE at 01:06
6655Completed NSE at 01:06, 0.00s elapsed
6656Read data files from: /usr/bin/../share/nmap
6657OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
6658Nmap done: 1 IP address (1 host up) scanned in 122.52 seconds
6659 Raw packets sent: 115 (8.704KB) | Rcvd: 32 (3.494KB)
6660#######################################################################################################################################
6661Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-12 00:42 EDT
6662Nmap scan report for fg.gov.sa (87.101.230.92)
6663Host is up (0.14s latency).
6664Not shown: 477 filtered ports, 4 closed ports
6665Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
6666PORT STATE SERVICE
666780/tcp open http
6668443/tcp open https
6669#######################################################################################################################################
6670Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-12 00:42 EDT
6671Nmap scan report for fg.gov.sa (87.101.230.92)
6672Host is up (0.055s latency).
6673Not shown: 2 filtered ports, 1 closed port
6674PORT STATE SERVICE
667553/udp open|filtered domain
667667/udp open|filtered dhcps
667768/udp open|filtered dhcpc
667869/udp open|filtered tftp
667988/udp open|filtered kerberos
6680123/udp open|filtered ntp
6681139/udp open|filtered netbios-ssn
6682161/udp open|filtered snmp
6683162/udp open|filtered snmptrap
6684389/udp open|filtered ldap
6685500/udp open|filtered isakmp
66862049/udp open|filtered nfs
6687########################################################################################################################################
6688Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-12 00:42 EDT
6689NSE: Loaded 162 scripts for scanning.
6690NSE: Script Pre-scanning.
6691Initiating NSE at 00:42
6692Completed NSE at 00:42, 0.00s elapsed
6693Initiating NSE at 00:42
6694Completed NSE at 00:42, 0.00s elapsed
6695Initiating Parallel DNS resolution of 1 host. at 00:42
6696Completed Parallel DNS resolution of 1 host. at 00:42, 0.02s elapsed
6697Initiating SYN Stealth Scan at 00:42
6698Scanning fg.gov.sa (87.101.230.92) [1 port]
6699Discovered open port 80/tcp on 87.101.230.92
6700Completed SYN Stealth Scan at 00:42, 0.27s elapsed (1 total ports)
6701Initiating Service scan at 00:42
6702Scanning 1 service on fg.gov.sa (87.101.230.92)
6703Completed Service scan at 00:45, 126.52s elapsed (1 service on 1 host)
6704Initiating OS detection (try #1) against fg.gov.sa (87.101.230.92)
6705Retrying OS detection (try #2) against fg.gov.sa (87.101.230.92)
6706Initiating Traceroute at 00:45
6707Completed Traceroute at 00:45, 3.16s elapsed
6708Initiating Parallel DNS resolution of 17 hosts. at 00:45
6709Completed Parallel DNS resolution of 17 hosts. at 00:45, 0.67s elapsed
6710NSE: Script scanning 87.101.230.92.
6711Initiating NSE at 00:45
6712Completed NSE at 00:49, 232.71s elapsed
6713Initiating NSE at 00:49
6714Completed NSE at 00:49, 1.15s elapsed
6715Nmap scan report for fg.gov.sa (87.101.230.92)
6716Host is up (0.23s latency).
6717
6718PORT STATE SERVICE VERSION
671980/tcp open http
6720| fingerprint-strings:
6721| FourOhFourRequest:
6722| HTTP/1.0 301 Moved Permanently
6723| Date: Mon, 12 Aug 2019 04:43:15 GMT
6724| Location: https://192.168.192.151/nice%20ports%2C/Tri%6Eity.txt%2ebak
6725| Content-Length: 98
6726| Content-Type: text/html
6727| <head><title>Object moved permanently</title></head><body><h1>Object Moved Permanently</h1></body>
6728| GetRequest, HTTPOptions:
6729| HTTP/1.0 301 Moved Permanently
6730| Date: Mon, 12 Aug 2019 04:43:09 GMT
6731| Location: https://192.168.192.151/
6732| Content-Length: 98
6733| Content-Type: text/html
6734|_ <head><title>Object moved permanently</title></head><body><h1>Object Moved Permanently</h1></body>
6735| http-aspnet-debug:
6736|_ status: DEBUG is enabled
6737| http-brute:
6738|_ Path "/" does not require authentication
6739|_http-chrono: Request times for /; avg: 1118.73ms; min: 1056.25ms; max: 1212.50ms
6740|_http-csrf: Couldn't find any CSRF vulnerabilities.
6741|_http-date: Mon, 12 Aug 2019 04:45:21 GMT; +6s from local time.
6742|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
6743|_http-dombased-xss: Couldn't find any DOM based XSS.
6744|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
6745| http-errors:
6746| Spidering limited to: maxpagecount=40; withinhost=fg.gov.sa
6747| Found the following error pages:
6748|
6749| Error Code: 500
6750|_ http://fg.gov.sa:80/
6751|_http-feed: Couldn't find any feeds.
6752|_http-fetch: Please enter the complete path of the directory to save data in.
6753| http-grep:
6754| (1) http://fg.gov.sa:80/:
6755| (1) ip:
6756|_ + 104.245.145.181
6757| http-headers:
6758| Date: Mon, 12 Aug 2019 04:45:30 GMT
6759| Content-Length: 38589
6760| Content-Type: text/html
6761|
6762|_ (Request type: GET)
6763| http-internal-ip-disclosure:
6764|_ Internal IP Leaked: 192.168.192.151
6765|_http-jsonp-detection: Couldn't find any JSONP endpoints.
6766|_http-mobileversion-checker: No mobile version detected.
6767|_http-security-headers:
6768| http-sitemap-generator:
6769| Directory structure:
6770| Longest directory structure:
6771| Depth: 0
6772| Dir: /
6773| Total files found (by extension):
6774|_
6775|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
6776|_http-title: The URL you requested has been blocked
6777| http-vhosts:
6778|_127 names had status 500
6779|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
6780|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
6781|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
6782|_http-xssed: No previously reported XSS vuln.
67831 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
6800Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
6801Device type: WAP|general purpose|VoIP phone
6802Running (JUST GUESSING): Linux 2.4.X|2.6.X|3.X (89%), Grandstream embedded (85%)
6803OS CPE: cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6 cpe:/h:grandstream:gxv3275 cpe:/o:linux:linux_kernel:3
6804Aggressive OS guesses: Tomato 1.27 - 1.28 (Linux 2.4.20) (89%), Linux 2.6.18 - 2.6.22 (86%), Grandstream GXV3275 video phone (85%), Linux 3.2 - 3.8 (85%), Linux 3.3 (85%)
6805No exact OS matches for host (test conditions non-ideal).
6806Uptime guess: 123.707 days (since Wed Apr 10 07:50:56 2019)
6807Network Distance: 20 hops
6808TCP Sequence Prediction: Difficulty=255 (Good luck!)
6809IP ID Sequence Generation: Randomized
6810
6811TRACEROUTE (using port 80/tcp)
6812HOP RTT ADDRESS
68131 34.28 ms 10.251.200.1
68142 34.33 ms 104.245.145.177
68153 34.38 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
68164 34.87 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
68175 34.38 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
68186 41.34 ms be3259.ccr21.ymq01.atlas.cogentco.com (154.54.41.206)
68197 110.82 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
68208 119.87 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
68219 126.90 ms be2813.ccr41.fra03.atlas.cogentco.com (130.117.0.122)
682210 126.93 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
682311 128.93 ms 149.14.159.74
682412 239.08 ms 195.229.0.228
682513 240.09 ms 195.229.3.94
682614 236.66 ms 195.229.27.178
682715 ... 16
682817 230.61 ms 87.101.225.209
682918 230.14 ms 87.101.225.210
683019 ...
683120 228.78 ms fg.gov.sa (87.101.230.92)
6832
6833NSE: Script Post-scanning.
6834Initiating NSE at 00:49
6835Completed NSE at 00:49, 0.00s elapsed
6836Initiating NSE at 00:49
6837Completed NSE at 00:49, 0.00s elapsed
6838Read data files from: /usr/bin/../share/nmap
6839#######################################################################################################################################
6840HTTP/1.1 500 Internal Server Error
6841Date: Mon, 12 Aug 2019 04:49:21 GMT
6842Content-Length: 38593
6843Content-Type: text/html
6844
6845HTTP/1.1 500 Internal Server Error
6846Date: Mon, 12 Aug 2019 04:49:22 GMT
6847Content-Length: 38593
6848Content-Type: text/html
6849#######################################################################################################################################
6850Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-12 00:49 EDT
6851NSE: Loaded 162 scripts for scanning.
6852NSE: Script Pre-scanning.
6853Initiating NSE at 00:49
6854Completed NSE at 00:49, 0.00s elapsed
6855Initiating NSE at 00:49
6856Completed NSE at 00:49, 0.00s elapsed
6857Initiating Parallel DNS resolution of 1 host. at 00:49
6858Completed Parallel DNS resolution of 1 host. at 00:49, 0.03s elapsed
6859Initiating SYN Stealth Scan at 00:49
6860Scanning fg.gov.sa (87.101.230.92) [1 port]
6861Discovered open port 443/tcp on 87.101.230.92
6862Completed SYN Stealth Scan at 00:49, 0.27s elapsed (1 total ports)
6863Initiating Service scan at 00:49
6864Scanning 1 service on fg.gov.sa (87.101.230.92)
6865Completed Service scan at 00:49, 27.76s elapsed (1 service on 1 host)
6866Initiating OS detection (try #1) against fg.gov.sa (87.101.230.92)
Retrying OS detection (try #2) against fg.gov.sa (87.101.230.92)
Initiating Traceroute at 00:49
Completed Traceroute at 00:50, 3.16s elapsed
Initiating Parallel DNS resolution of 17 hosts. at 00:50
Completed Parallel DNS resolution of 17 hosts. at 00:50, 0.65s elapsed
NSE: Script scanning 87.101.230.92.
Initiating NSE at 00:50
Completed NSE at 00:55, 330.08s elapsed
Initiating NSE at 00:55
Completed NSE at 00:55, 1.63s elapsed
Nmap scan report for fg.gov.sa (87.101.230.92)
Host is up (0.23s latency).

PORT STATE SERVICE VERSION
443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
| http-aspnet-debug:
|_ status: DEBUG is enabled
| http-brute:
|_ Path "/" does not require authentication
|_http-chrono: Request times for /; avg: 1769.84ms; min: 1559.81ms; max: 2318.47ms
|_http-csrf: Couldn't find any CSRF vulnerabilities.
|_http-devframework: Couldn't determine the underlying framework or CMS. Try increasing 'httpspider.maxpagecount' value to spider more pages.
|_http-dombased-xss: Couldn't find any DOM based XSS.
|_http-drupal-enum: Nothing found amongst the top 100 resources,use --script-args number=<number|all> for deeper analysis)
| http-errors:
| Spidering limited to: maxpagecount=40; withinhost=fg.gov.sa
| Found the following error pages:
|
| Error Code: 500
|_ https://fg.gov.sa:443/
|_http-feed: Couldn't find any feeds.
|_http-fetch: Please enter the complete path of the directory to save data in.
| http-grep:
| (1) https://fg.gov.sa:443/:
| (1) ip:
|_ + 104.245.145.181
| http-headers:
| Content-Length: 38589
| Content-Type: text/html
|
|_ (Request type: GET)
|_http-jsonp-detection: Couldn't find any JSONP endpoints.
|_http-mobileversion-checker: No mobile version detected.
| http-phpmyadmin-dir-traversal:
| VULNERABLE:
| phpMyAdmin grab_globals.lib.php subform Parameter Traversal Local File Inclusion
| State: LIKELY VULNERABLE
| IDs: CVE:CVE-2005-3299
| PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
|
| Disclosure date: 2005-10-nil
| Extra information:
| ../../../../../etc/passwd not found.
|
| References:
| http://www.exploit-db.com/exploits/1244/
|_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3299
| http-security-headers:
| Strict_Transport_Security:
|_ HSTS not configured in HTTPS Server
| http-sitemap-generator:
| Directory structure:
| Longest directory structure:
| Depth: 0
| Dir: /
| Total files found (by extension):
|_
|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
|_http-title: The URL you requested has been blocked
| http-vhosts:
| 125 names had status 500
| mx.gov.sa
|_devsql.gov.sa
|_http-wordpress-enum: Nothing found amongst the top 100 resources,use --script-args search-limit=<number|all> for deeper analysis)
|_http-wordpress-users: [Error] Wordpress installation was not found. We couldn't find wp-login.php
|_http-xssed: No previously reported XSS vuln.
| vulscan: VulDB - https://vuldb.com:
7320| [4362] Microsoft Windows Vista/7/Server 2008 denial of service
7321| [57420] Microsoft PowerPoint 2002/2003 memory corruption
7322| [4349] Microsoft Office 2004/2008/2007 Presentation File Parser memory corruption
7323| [4348] Microsoft Powerpoint 2002/2003/2007 memory corruption
7324| [57077] Microsoft Excel 2002 Uninitialized Memory memory corruption
7325| [57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability
7326| [57079] Microsoft PowerPoint 2002/2003/2007/2010 memory corruption
7327| [57076] Microsoft Excel 2002/2003 memory corruption
7328| [57075] Microsoft Excel 2002/2003 memory corruption
7329| [57074] Microsoft Excel 2002 memory corruption
7330| [57073] Microsoft Excel 2002/2003/2007/2010 memory corruption
7331| [4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler memory corruption
7332| [4301] Microsoft Windows Server 2003 SMB Browser Heap-based denial of service
7333| [56475] Microsoft Office 2004/2008 memory corruption
7334| [56414] Microsoft Visio 2002/2003/2007 ELEMENTS.DLL memory corruption
7335| [56413] Microsoft Visio 2002/2003/2007 Exception ORMELEMS.DLL memory corruption
7336| [4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
7337| [4297] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 OpenType Compact Font Format Driver privilege escalation
7338| [4296] Microsoft Windows XP/Server 2003 LSASS Authentication Request unknown vulnerability
7339| [4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
7340| [4294] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Driver win32k.sys unknown vulnerability
7341| [4293] Microsoft Windows XP/Server 2003 Kerberos CRC32 Checksum privilege escalation
7342| [4292] Microsoft Windows XP/Server 2003 CSRSS Logoff privilege escalation
7343| [4289] Microsoft Excel 2007 Shape Data Parser memory corruption
7344| [4286] Microsoft Powerpoint 2007 OfficeArt Container Parser memory corruption
7345| [4279] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 MHTML cross site scripting
7346| [56176] Microsoft Windows XP/7/Server 2003 fxscover.exe CDrawPoly::Serialize memory corruption
7347| [55772] Microsoft Publisher 2002 pubconv.dll memory corruption
7348| [55771] Microsoft Publisher 2002/2003/2010 memory corruption
7349| [55765] Microsoft Office 2003/Xp Integer memory corruption
7350| [55764] Microsoft Office 2003/Xp memory corruption
7351| [55750] Microsoft Publisher 2002/2003 pubconv.dll memory corruption
7352| [55749] Microsoft Publisher 2002/2003/2007/2010 pubconv.dll memory corruption
7353| [55748] Microsoft Publisher 2002/2003/2007 pubconv.dll memory corruption
7354| [4230] Microsoft Exchange 2007 on 64-bit RPC store.exe MAPI Request denial of service
7355| [4229] Microsoft SharePoint 2007 Document Conversion Launcher Service Eingabeungültigkeit
7356| [4228] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
7357| [4224] Microsoft Windows Vista/7/Server 2008 Consent User Interface privilege escalation
7358| [4231] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Driver win32k.sys GreEnableEUDC denial of service
7359| [55420] Microsoft Office 2007/2010 memory corruption
7360| [55419] Microsoft Office 2004/2008/2011/Xp memory corruption
7361| [55412] Microsoft PowerPoint Viewer 2007 memory corruption
7362| [55411] Microsoft PowerPoint 2002/2003 memory corruption
7363| [4204] Microsoft Windows Server 2008 Color Control Panel Eingabeungültigkeit
7364| [54995] Microsoft Office 2004/2008 memory corruption
7365| [54994] Microsoft Office 2004/2008 Out-of-Bounds memory corruption
7366| [54993] Microsoft Office Compatibility Pack 2007 memory corruption
7367| [54992] Microsoft Excel 2002 memory corruption
7368| [54991] Microsoft Office 2004 Future memory corruption
7369| [54990] Microsoft Office 2004 memory corruption
7370| [54989] Microsoft Office 2004/2008 memory corruption
7371| [54988] Microsoft Excel 2002 memory corruption
7372| [54987] Microsoft Excel 2002 memory corruption
7373| [54986] Microsoft Excel 2002/2003 memory corruption
7374| [54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 memory corruption
7375| [54984] Microsoft Office 2004/2008 memory corruption
7376| [54983] Microsoft Excel 2002 Integer memory corruption
7377| [54980] Microsoft Word 2002/2003 memory corruption
7378| [54979] Microsoft Word 2002 memory corruption
7379| [54978] Microsoft Word 2002 memory corruption
7380| [54977] Microsoft Word 2002 Heap-based memory corruption
7381| [54976] Microsoft Word 2002 memory corruption
7382| [54975] Microsoft Word 2002 memory corruption
7383| [54974] Microsoft Word 2002 memory corruption
7384| [54973] Microsoft Word 2002 memory corruption
7385| [54972] Microsoft Word 2002 memory corruption
7386| [54971] Microsoft Word 2002 memory corruption
7387| [4197] Microsoft SharePoint 2007/3.0 cross site scripting
7388| [4196] Microsoft Word 2002/2003/2007/2010 Stack-based memory corruption
7389| [4194] Microsoft Windows Vista/7/Server 2008 SChannel Client Certificate Request denial of service
7390| [54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service
7391| [54757] Microsoft SharePoint Server 2007 HTML Sanitization SafeHTML cross site scripting
7392| [4186] Microsoft Outlook 2002/2003/2007 Content Parser Heap-based memory corruption
7393| [54584] Microsoft Visual C++ 2005 AtlTraceTool8.exe unknown vulnerability
7394| [54554] Microsoft Groove 2007 mso.dll memory corruption
7395| [4187] Microsoft Windows Vista/7/Server 2008 TCP/IP Stack Ipv4SetEchoRequestCreate() denial of service
7396| [54322] Microsoft Word 2002/2003 memory corruption
7397| [54321] Microsoft Office Compatibility Pack 2007 memory corruption
7398| [54320] Microsoft Office Compatibility Pack 2007 memory corruption
7399| [54319] Microsoft Office Compatibility Pack 2007 memory corruption
7400| [54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces memory corruption
7401| [4165] Microsoft Windows Vista/7/Server 2008 TCP/IP Stack denial of service
7402| [4162] Microsoft Windows Vista/7/Server 2008 Kernel memory corruption
7403| [4159] Microsoft Excel 2002/2003 SXDB PivotTable Cache Data Record memory corruption
7404| [4149] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Shell Shortcut Parser memory corruption
7405| [54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll memory corruption
7406| [4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD memory corruption
7407| [4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll memory corruption
7408| [54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
7409| [4151] Microsoft Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel memory corruption
7410| [53591] Microsoft Windows Server 2003 GetServerName cross site scripting
7411| [53505] Microsoft Excel 2002/2007 memory corruption
7412| [53501] Microsoft Excel 2002 memory corruption
7413| [53500] Microsoft Excel 2002 memory corruption
7414| [53499] Microsoft Excel 2002 memory corruption
7415| [53495] Microsoft Excel 2002/2003/2007 memory corruption
7416| [53494] Microsoft Excel 2002 Stack-based memory corruption
7417| [53504] Microsoft Excel 2002 memory corruption
7418| [53503] Microsoft Excel 2002 Stack-Based memory corruption
7419| [53502] Microsoft Excel 2002 Heap-based memory corruption
7420| [53498] Microsoft Excel 2002 Stack-based memory corruption
7421| [53497] Microsoft Excel 2002 memory corruption
7422| [53496] Microsoft Excel 2002 memory corruption
7423| [53493] Microsoft Excel 2002/2003/2007 memory corruption
7424| [4133] Microsoft Office 2003/2007/Xp COM Object Instantiator memory corruption
7425| [53366] Microsoft ASP.NET 2.0 cross site scripting
7426| [53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
7427| [53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL memory corruption
7428| [53054] Microsoft VISIO 2002/2003/2007 VISIODWG.DLL memory corruption
7429| [4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
7430| [52777] Microsoft Publisher 2002/2003/2007 memory corruption
7431| [52773] Microsoft Visio 2002/2003/2007 memory corruption
7432| [52772] Microsoft Visio 2002/2003/2007 memory corruption
7433| [4107] Microsoft Windows 7/Server 2008 Kernel denial of service
7434| [4103] Microsoft Windows Server 2003 Media Services Stack-based memory corruption
7435| [52543] Microsoft Virtual PC 2007 unknown vulnerability
7436| [52148] Microsoft Office 2004/2008/2007 Uninitialized Memory memory corruption
7437| [52147] Microsoft Office 2004/2008/2007 Spreadsheet Uninitialized Memory memory corruption
7438| [52146] Microsoft Office 2004/2008/2007 Spreadsheet Heap-based memory corruption
7439| [52145] Microsoft Office 2004/2008/2007 Spreadsheet Heap-based memory corruption
7440| [52144] Microsoft Office 2004/2008/2007 Spreadsheet memory corruption
7441| [52143] Microsoft Office 2004/2008/2007 Spreadsheet memory corruption
7442| [4090] Microsoft Excel 2002/2003/2007 memory corruption
7443| [52036] Microsoft Windows 2000 MsgBox memory corruption
7444| [51995] Microsoft SharePoint Server up to 2006 cross site scripting
7445| [51810] Microsoft Office 2004/Xp MSO.DLL memory corruption
7446| [51802] Microsoft PowerPoint 2003 Stack-based memory corruption
7447| [51801] Microsoft PowerPoint 2003 Stack-based memory corruption
7448| [51800] Microsoft PowerPoint 2002/2003 Use-After-Free memory corruption
7449| [51799] Microsoft PowerPoint 2002/2003 memory corruption
7450| [51798] Microsoft PowerPoint 2002/2003 Heap-based memory corruption
7451| [4082] Microsoft Powerpoint 2002 memory corruption
7452| [54550] Microsoft PowerPoint 2007 rpawinet.dll memory corruption
7453| [54556] Microsoft Visio 2003 mfc71enu.dll unknown vulnerability
7454| [51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
7455| [51133] Microsoft Windows 2000 SP4/XP SP2/SP3/Server 2003 SP2 memory corruption
7456| [51074] Microsoft Office 2002/2003 Integer memory corruption
7457| [4069] Microsoft Project 2007/2003 Project Memory Validator memory corruption
7458| [50794] Microsoft Office 2004/2008 Spreadsheet memory corruption
7459| [50793] Microsoft Office 2004/2008 Spreadsheet memory corruption
7460| [50792] Microsoft Office 2004/2008 Spreadsheet memory corruption
7461| [50791] Microsoft Office 2004/2008 Spreadsheet memory corruption
7462| [50790] Microsoft Office 2004/2008 Spreadsheet Heap-based memory corruption
7463| [50788] Microsoft Office 2004/2008 Spreadsheet memory corruption
7464| [50787] Microsoft Office 2004/2008 Spreadsheet memory corruption
7465| [50786] Microsoft Windows 2000 llssrv.exe memory corruption
7466| [50789] Microsoft Office 2004/2008 Spreadsheet memory corruption
7467| [4056] Microsoft Word 2002/2003 File Information Block Parser Stack-based memory corruption
7468| [50660] Microsoft SharePoint Server 2007 unknown vulnerability
7469| [50443] Microsoft Office Powerpoint 2007 Integer memory corruption
7470| [50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 memory corruption
7471| [49866] Microsoft Windows Server 2003 memory corruption
7472| [4031] Microsoft Windows Vista/Server 2008 SMB Processor EducatedScholar memory corruption
7473| [4030] Microsoft Windows Vista/Server 2008 Wireless LAN AutoConfig Service Heap-based memory corruption
7474| [4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
7475| [49745] Microsoft Windows Server 2003 denial of service
7476| [49394] Microsoft Windows Server 2003 memory corruption
7477| [49198] Microsoft Visual Studio 2005 information disclosure
7478| [49047] Microsoft Virtual Server 2005 privilege escalation
7479| [49046] Microsoft Windows Server 2003 quartz.dll memory corruption
7480| [49045] Microsoft Windows Server 2003 quartz.dll memory corruption
7481| [49044] Microsoft ISA Server 2006 privilege escalation
7482| [3999] Microsoft Office 2007 Pointer memory corruption
7483| [4000] Microsoft Office 2003/Xp/Sp3 Web Components memory corruption
7484| [48894] Microsoft Windows Server 2003 msvidctl.dll memory corruption
7485| [48572] Microsoft Office Powerpoint 2002 FL21WIN.DLL memory corruption
7486| [48517] Microsoft Windows 2000 Memory Leak memory corruption
7487| [48516] Microsoft Windows Server 2008 unknown vulnerability
7488| [48512] Microsoft Windows Server 2008 unknown vulnerability
7489| [48515] Microsoft Office Word Viewer 2003 memory corruption
7490| [48514] Microsoft Office Word Viewer 2003 Stack-based memory corruption
7491| [48554] Microsoft Excel 2000/2003/2007 memory corruption
7492| [48157] Microsoft Office PowerPoint 2002 Sound memory corruption
7493| [48156] Microsoft Office PowerPoint 2000 Stack-based memory corruption
7494| [48154] Microsoft Office PowerPoint 2002 Sound PP7X32.DLL memory corruption
7495| [48152] Microsoft Office PowerPoint 2002 PP4X32.DLL memory corruption
7496| [48150] Microsoft Office PowerPoint 2002 Sound memory corruption
7497| [48147] Microsoft Office PowerPoint 2002 Sound memory corruption
7498| [48146] Microsoft Office PowerPoint 2002 Integer memory corruption
7499| [48155] Microsoft Office PowerPoint 2002 Notes Container Heap-based memory corruption
7500| [48153] Microsoft Office PowerPoint 2002 Sound memory corruption
7501| [48151] Microsoft Office PowerPoint 2002 Stack-based memory corruption
7502| [48149] Microsoft Office PowerPoint 2002 memory corruption
7503| [48148] Microsoft Office PowerPoint 2002 Sound memory corruption
7504| [3974] Microsoft Powerpoint 2000/2002/2003 Sound Data Stack-based memory corruption
7505| [3973] Microsoft Powerpoint 2000/2002/2003 Notes Container Stack-based memory corruption
7506| [3972] Microsoft Powerpoint 2000/2002/2003 BuildList memory corruption
7507| [3971] Microsoft Powerpoint 2000/2002/2003 Object Stack-based memory corruption
7508| [3970] Microsoft Powerpoint 2000/2002/2003 Paragraph Stack-based memory corruption
7509| [3969] Microsoft Powerpoint 2000/2002/2003 Atom Stack-based memory corruption
7510| [47719] Microsoft Windows 2000 Stack-based memory corruption
7511| [47720] Microsoft Internet Security And Acceleration Server 2006 Forms Authentication cookieauth.dll cross site scripting
7512| [47716] Microsoft Office Converter Pack 2003 WPFT632.CNV memory corruption
7513| [47715] Microsoft Windows 2000 Wordpad memory corruption
7514| [47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet memory corruption
7515| [3960] Microsoft Windows XP/2000/Server 2003 DirectShow MJPEG memory corruption
7516| [3952] Microsoft ISA Server 2004/2006 denial of service
7517| [3946] Microsoft PowerPoint 2004/2000/2002/2003 memory corruption
7518| [47091] Microsoft Windows Server 2008 unknown vulnerability
7519| [47090] Microsoft Windows Server 2008 unknown vulnerability
7520| [3939] Microsoft Windows 2000 DNS Designfehler
7521| [3938] Microsoft Windows 2000 SSL weak authentication
7522| [3937] Microsoft Windows 2000 memory corruption
7523| [3932] Microsoft Excel 2004/2000/2002/2003/2007 Object Reference Designfehler
7524| [46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe denial of service
7525| [46455] Microsoft Exchange Server 2007 denial of service
7526| [46454] Microsoft Exchange Server 2007 memory corruption
7527| [46453] Microsoft Visio 2002/2003/2007 memory corruption
7528| [46452] Microsoft Visio 2002/2003/2007 memory corruption
7529| [46451] Microsoft Visio 2002/2003/2007 memory corruption
7530| [46327] Microsoft Word 2007 information disclosure
7531| [45758] Microsoft Money 2006 ActiveX Control prtstb06.dll denial of service
7532| [45381] Microsoft Windows Vista SP1/Server 2008 Explorer memory corruption
7533| [45380] Microsoft Windows Vista SP1/Server 2008 Search memory corruption
7534| [45379] Microsoft Office SharePoint Server 2007 denial of service
7535| [3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
7536| [3892] Microsoft Excel 2000/2002/2003 Formula memory corruption
7537| [3891] Microsoft Excel 2000/2002/2003 memory corruption
7538| [3890] Microsoft Excel 2000/2002/2003 NAME Index memory corruption
7539| [3889] Microsoft Word 2000/2002/2003/2007 Table Property Stack-based memory corruption
7540| [3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet memory corruption
7541| [3887] Microsoft Word 2000/2002/2003/2007 memory corruption
7542| [3886] Microsoft Word 2000/2002/2003/2007 ControlWord Heap-based memory corruption
7543| [3885] Microsoft Word 2000/2002/2003/2007 memory corruption
7544| [3884] Microsoft Word 2000/2002/2003/2007 memory corruption
7545| [3883] Microsoft Word 2000/2002/2003/2007 RTF Heap-based memory corruption
7546| [3882] Microsoft Word 2000/2002/2003/2007 LFO memory corruption
7547| [3880] Microsoft Visual Basic up to 2003 ActiveX Control Mschrt20.ocx memory corruption
7548| [3879] Microsoft Visual Basic up to 2003 ActiveX Control mscomct2.ocx memory corruption
7549| [3878] Microsoft Visual Basic up to 2003 ActiveX Control mshflxgd.ocx memory corruption
7550| [3877] Microsoft Visual Basic up to 2003 ActiveX Control msflxgrd.ocx memory corruption
7551| [3876] Microsoft Visual Basic up to 2003 ActiveX Control msdatgrd.ocx memory corruption
7552| [45197] Microsoft Windows 2000 nskey.dll memory corruption
7553| [45063] Microsoft Windows Server 2003 Active Directory unknown vulnerability
7554| [45040] Microsoft .NET Framework 2.0.50727 Code Access Security unknown vulnerability
7555| [44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption
7556| [44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
7557| [44589] Microsoft Exchange Server 2003 Outlook Web Access unknown vulnerability
7558| [3845] Microsoft Windows 2000 SP4 Active Directory memory corruption
7559| [44533] Microsoft Windows 2000 mqsvc.exe memory corruption
7560| [3844] Microsoft Excel 2003 REPT memory corruption
7561| [3843] Microsoft Excel up to 2007 BIFF File Heap-based memory corruption
7562| [3842] Microsoft Excel 2003 VBA Performance Cache Stack-based Eingabeungültigkeit
7563| [44405] Microsoft Digital Image 2006 ActiveX Control PipPPush.DLL unknown vulnerability
7564| [44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption
7565| [43981] Microsoft Organization Chart 2.00 orgchart.exe memory corruption
7566| [43957] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
7567| [43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
7568| [43955] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
7569| [43952] Microsoft Office 2003/2007/Xp URI memory corruption
7570| [43676] Microsoft Windows XP/Vista/2000/Server 2003 memory corruption
7571| [43675] Microsoft Windows XP/Vista/2000/Server 2003 of memory corruption
7572| [43662] Microsoft Office Powerpoint Viewer up to 2003 memory corruption
7573| [43661] Microsoft Office Powerpoint Viewer 2003 memory corruption
7574| [43660] Microsoft Office Powerpoint Viewer 2003 Integer memory corruption
7575| [43657] Microsoft Office 2000/2003/Xp memory corruption
7576| [43654] Microsoft SharePoint Server 2007 memory corruption
7577| [43653] Microsoft Office 2000/2002/2004/2008 memory corruption
7578| [43652] Microsoft Office 2000/2002/2003/2004/2008 memory corruption
7579| [3797] Microsoft Windows Vista/Server 2008 IPsec Policy Designfehler
7580| [3796] Microsoft Office 2000 WPG memory corruption
7581| [3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT memory corruption
7582| [3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel memory corruption
7583| [3793] Microsoft Office 2000/2003/Xp PICT memory corruption
7584| [3792] Microsoft Office 2000 EPS File memory corruption
7585| [3783] Microsoft Word 2002 memory corruption
7586| [43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
7587| [43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS Cache privilege escalation
7588| [3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
7589| [3777] Microsoft Windows Vista SP1/Server 2008 Explorer memory corruption
7590| [43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx memory corruption
7591| [43096] Microsoft Publisher 2003/2007 Crypto API unknown vulnerability
7592| [42816] Microsoft Word 2000/2003 memory corruption
7593| [42732] Microsoft Windows XP/Vista/Server 2003 denial of service
7594| [42731] Microsoft Windows Server 2003 denial of service
7595| [3732] Microsoft Windows 2000/Server 2003 WINS memory corruption
7596| [3701] Microsoft Word 2003 CSS Heap-based memory corruption
7597| [3700] Microsoft Word 2003 RTF Document Heap-based memory corruption
7598| [42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting
7599| [41881] Microsoft Office 2003/2007/2007 Sp1/Xp memory corruption
7600| [41880] Microsoft Project 2000/2002/2003 memory corruption
7601| [41879] Microsoft Windows 2000/Server 2003/Vista Stack-based memory corruption
7602| [41878] Microsoft Windows 2000/Server 2003/Vista spoofing
7603| [41877] Microsoft Windows Server 2003 vbscript.dll memory corruption
7604| [3671] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 memory corruption
7605| [3670] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 Object memory corruption
7606| [41455] Microsoft Office 2000/2003/2004/Xp memory corruption
7607| [41454] Microsoft Excel 2000/2002/2003/2007 memory corruption
7608| [41453] Microsoft Excel 2000/2002/2003 memory corruption
7609| [41452] Microsoft Excel 2000/2002/2003/2007 memory corruption
7610| [41451] Microsoft Excel 2000/2002/2003 memory corruption
7611| [41450] Microsoft Excel 2000 memory corruption
7612| [41449] Microsoft Excel 2000/2002/2003 memory corruption
7613| [41448] Microsoft Office 2000/Xp Office Web Components memory corruption
7614| [3648] Microsoft Excel 2003 memory corruption
7615| [3647] Microsoft Outlook up to 2007 mailto URI memory corruption
7616| [41003] Microsoft Office 2000/2003/2004/Xp memory corruption
7617| [41002] Microsoft Office 2000/2003/Xp memory corruption
7618| [41001] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
7619| [41000] Microsoft Works 2005/8.0 memory corruption
7620| [40998] Microsoft Publisher 2000/2002/2003 memory corruption
7621| [40994] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
7622| [40987] Microsoft Windows 2000 denial of service
7623| [40736] Microsoft ActiveX 2.0 ActiveX Control privilege escalation
7624| [3552] Microsoft Excel 2000/2002/2003 File memory corruption
7625| [40242] Microsoft Publisher 2000/2002/2003/2007 Crash denial of service
7626| [40020] Microsoft Office 2007 ZIP Container unknown vulnerability
7627| [39769] Microsoft Windows 2000 cryptgenrandom weak encryption
7628| [39749] Microsoft Windows 2000 msjet40.dll memory corruption
7629| [39655] Microsoft Windows Server 2003 spoofing
7630| [39324] Microsoft Windows Mobile 2005 SMS unknown vulnerability
7631| [3373] Microsoft Word 2000/2002 memory corruption
7632| [38999] Microsoft Windows Server 2003 explorer.exe denial of service
7633| [38899] Microsoft ISA Server 2004 information disclosure
7634| [38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption
7635| [38326] Microsoft Windows 2000 attemptwrite memory corruption
7636| [3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
7637| [3223] Microsoft Windows XP/Server 2003 URI Eingabeungültigkeit
7638| [3212] Microsoft DirectX February 2006 RLE Compression Targa Files Heap-based memory corruption
7639| [37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption
7640| [37738] Microsoft Office 2002/2003 memory corruption
7641| [3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
7642| [3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
7643| [3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
7644| [3172] Microsoft Office Publisher 2007 Pointer memory corruption
7645| [37566] Microsoft Excel 2003 unknown vulnerability
7646| [37526] Microsoft Windows 2000/Server 2003 denial of service
7647| [37248] Microsoft Visio 2002 Packaging memory corruption
7648| [37251] Microsoft Windows 2000 memory corruption
7649| [3119] Microsoft Visio 2002 Object memory corruption
7650| [3118] Microsoft Visio 2002 Data memory corruption
7651| [37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
7652| [37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption
7653| [36628] Microsoft Word 2000/2002/2003/2004 winword.exe memory corruption
7654| [36616] Microsoft Works 2004/2005/2006 memory corruption
7655| [36621] Microsoft Exchange Server 2000 Integer denial of service
7656| [36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
7657| [36619] Microsoft Exchange Server 2000/2003/2007 memory corruption
7658| [36618] Microsoft Exchange Server 2000 NULL Pointer Dereference denial of service
7659| [36617] Microsoft Excel 2000/2002/2003/2004 memory corruption
7660| [36623] Microsoft BizTalk Server 2004 ActiveX Control capicom.dll memory corruption
7661| [3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object memory corruption
7662| [3065] Microsoft Excel 2000/2002/2003/2007 Filter Stack-based memory corruption
7663| [3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
7664| [3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record Stack-based memory corruption
7665| [3012] Microsoft Windows 2000/Server 2003 DNS Service Stack-based memory corruption
7666| [36039] Microsoft Content Management Server 2001 memory corruption
7667| [36052] Microsoft Windows 2000 Heap-based memory corruption
7668| [36051] Microsoft Word 2007 file798-1.doc memory corruption
7669| [36050] Microsoft Word 2007 file789-1.doc memory corruption
7670| [36040] Microsoft Content Management Server 2001 cross site scripting
7671| [3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
7672| [36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting
7673| [2990] Microsoft Windows 2000/XP/Vista Animated Cursor Stack-based memory corruption
7674| [36515] Microsoft Windows 2000/XP/Server 2003 memory corruption
7675| [35846] Microsoft Windows 2000/Server 2003 Default Configuration information disclosure
7676| [35373] Microsoft Excel 2003 denial of service
7677| [35372] Microsoft Office 2003 denial of service
7678| [35206] Microsoft Windows XP/Server 2003 Crash denial of service
7679| [35161] Microsoft ISA Server 2004 unknown vulnerability
7680| [35236] Microsoft Publisher 2007 memory corruption
7681| [2939] Microsoft Word 2000 memory corruption
7682| [34994] Microsoft Windows 2000 OLE Dialog memory corruption
7683| [34993] Microsoft Office 2000/2003/Xp memory corruption
7684| [35001] Microsoft Office 2000/2003/2004/Xp memory corruption
7685| [35000] Microsoft Word 2000/2002/2003 memory corruption
7686| [2933] Microsoft Windows XP SP2/2000 SP4/Server 2003 SP1 OLE Dialog Stack-based memory corruption
7687| [2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
7688| [2884] Microsoft Word 2000/2002/2003 memory corruption
7689| [34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet Heap-based memory corruption
7690| [34320] Microsoft Office 2000/2003/2004/Xp memory corruption
7691| [34319] Microsoft Office 2000/2003/2004/Xp memory corruption
7692| [34318] Microsoft Office 2000/2003/2004/Xp memory corruption
7693| [34322] Microsoft Office 2000/2003/Xp memory corruption
7694| [2811] Microsoft Windows 2000/XP/Server 2003 VML Vector Markup Language Integer memory corruption
7695| [2810] Microsoft Outlook 2000/2002/2003 Office Saved Search OSS File memory corruption
7696| [2809] Microsoft Outlook 2000/2002/2003 Header denial of service
7697| [2808] Microsoft Outlook 2000/2002/2003 Meeting VEVENT memory corruption
7698| [2807] Microsoft Excel 2000/2002/2003 XLS File memory corruption
7699| [34126] Microsoft Office 2003 memory corruption
7700| [34122] Microsoft Office Web Components 2000 memory corruption
7701| [2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum() denial of service
7702| [2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
7703| [33851] Microsoft Word 2000/2002/2003 12122006-djtest.doc memory corruption
7704| [2739] Microsoft Windows 2000 Remote Installation Service Fehlende Authentifizierung
7705| [2738] Microsoft Windows 2000/XP/Server 2003 SNMP memory corruption
7706| [2737] Microsoft Windows XP/Server 2003 Manifest denial of service
7707| [33766] Microsoft Word 2000/2002/2003 memory corruption
7708| [2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
7709| [2717] Microsoft Windows 2000 Print Spooler Memory Consumption denial of service
7710| [2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
7711| [2688] Microsoft Windows 2000/XP/Server 2003 Client Service for Netware denial of service
7712| [2687] Microsoft Windows 2000/XP/Server 2003 Agent ActiveX ACF File Heap-based memory corruption
7713| [2686] Microsoft Windows 2000/XP/Server 2003 Client Service for Netware memory corruption
7714| [2684] Microsoft Windows 2000/XP Workstation Service Stack-based memory corruption
7715| [2659] Microsoft Windows 2000/XP GDI Crash Designfehler
7716| [2655] Microsoft Windows 2000/XP/Server 2003 XML Core Services Designfehler
7717| [33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption
7718| [2610] Microsoft PowerPoint 2003 PPT Document NULL Pointer Dereference denial of service
7719| [32693] Microsoft Word 2004 memory corruption
7720| [32686] Microsoft Office 2000/2001/2003/2004 Integer memory corruption
7721| [32690] Microsoft Office 2000/2003/2004/Xp memory corruption
7722| [32676] Microsoft Office 2000/2001/2003/2004 memory corruption
7723| [32675] Microsoft Office 2000/2003/2004/Xp memory corruption
7724| [32694] Microsoft Windows 2000 memory corruption
7725| [32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
7726| [32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
7727| [32687] Microsoft Word 2000/2002 memory corruption
7728| [32685] Microsoft Office 2000/2001/2003/2004 memory corruption
7729| [2601] Microsoft Windows XP/Server 2003 IPv6 Stack denial of service
7730| [2600] Microsoft Windows XP/Server 2003 IPv6 Stack TCP denial of service
7731| [2599] Microsoft Windows XP/Server 2003 IPv6 Stack ICMP denial of service
7732| [2598] Microsoft Windows XP/Server 2003 Object Packager Designfehler
7733| [2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
7734| [2596] Microsoft Office 2000/2003/2004/Xp Value Read memory corruption
7735| [2595] Microsoft Office 2000/2001/2003/2004 Diagram Value memory corruption
7736| [2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
7737| [2593] Microsoft ASP.NET 2.0 cross site scripting
7738| [2571] Microsoft PowerPoint up to 2003 Document memory corruption
7739| [2554] Microsoft PowerPoint 2000 memory corruption
7740| [2522] Microsoft Windows 2000/XP/Server 2003 Indexing Service cross site scripting
7741| [2521] Microsoft Publisher 2000/2002/2003 PUB File Stack-based memory corruption
7742| [2508] Microsoft Word 2000 memory corruption
7743| [2478] Microsoft Internet Explorer up to 6 on Win 2000 HTTP 1.1 Compression Heap-based memory corruption
7744| [31692] Microsoft PowerPoint 2000/2001/2002/2003 memory corruption
7745| [2436] Microsoft Windows 2000/XP/Server 2003 Kernel memory corruption
7746| [2435] Microsoft Windows 2000/XP/Server 2003 Exception memory corruption
7747| [2434] Microsoft Windows 2000/XP/Server 2003 Winlogon race condition
7748| [2433] Microsoft Windows 2000 Management Console cross site scripting
7749| [2432] Microsoft Windows 2000/XP/Server 2003 DNS Resolver Heap-based memory corruption
7750| [2431] Microsoft Windows 2000/XP/Server 2003 Winsock API memory corruption
7751| [2430] Microsoft Windows 2000/XP/Server 2003 RPC ELV memory corruption
7752| [2426] Microsoft Windows 2000/XP/Server 2003 WMF File gdi32.dll denial of service
7753| [2415] Microsoft Windows 2000/XP/Server 2003 SMB File srv.sys denial of service
7754| [31527] Microsoft Internet Explorer 6.0 on Win 2000 ActiveX Object Stack-Based denial of service
7755| [31358] Microsoft PowerPoint 2003 powerpnt.exe denial of service
7756| [31354] Microsoft PowerPoint 2003 memory corruption
7757| [31351] Microsoft ISA Server 2004 Filters unknown vulnerability
7758| [2382] Microsoft PowerPoint up to 2003 Presentation Open/Close memory corruption
7759| [2378] Microsoft PowerPoint 2000/2002/2003 Document Parser memory corruption
7760| [31318] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
7761| [31317] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
7762| [31316] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
7763| [31313] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
7764| [31312] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
7765| [31311] Microsoft Excel 2000/2002/2003/XP memory corruption
7766| [31310] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
7767| [31237] Microsoft Office 2000/2003/Xp memory corruption
7768| [31235] Microsoft Office 2000/2003/Xp memory corruption
7769| [2371] Microsoft NET Framework up to 2.0 URL Validator unknown vulnerability
7770| [2370] Microsoft Windows 2000/XP/Server 2003 Server Protocol Driver Server Message Block Heap-based memory corruption
7771| [2369] Microsoft Windows 2000/XP/Server 2003 Server Service Mailslot Heap-based memory corruption
7772| [2367] Microsoft Office 2000/2003/XP Document String memory corruption
7773| [2366] Microsoft Windows 2000/XP/Server 2003 DHCP Client memory corruption
7774| [2365] Microsoft Office 2000/2003/XP PNG Image memory corruption
7775| [2364] Microsoft Office 2000/2003/XP GIF Image memory corruption
7776| [31233] Microsoft Office 2000/2003/Xp mso.dll lscreateline memory corruption
7777| [31238] Microsoft Internet Explorer 6.0 on Win 2000 Crash denial of service
7778| [2357] Microsoft Excel up to 2003 on Asian System Document Repair Style memory corruption
7779| [31133] Microsoft Windows XP/Server 2003 explorer.exe memory corruption
7780| [2325] Microsoft Excel up to 2003 Hyperlink hlink.dll Long Hyperlink memory corruption
7781| [2324] Microsoft Excel 2000/2002/2003/2004 XLS File memory corruption
7782| [30801] Microsoft Windows up to 2000 Connection Manager Stack-based memory corruption
7783| [2312] Microsoft Exchange 2000 Outlook Web Access cross site scripting
7784| [2311] Microsoft Windows 2000/XP/Server 2003 MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk memory corruption
7785| [2310] Microsoft Windows 2000 RPC spoofing
7786| [2309] Microsoft Windows 2000/XP/Server 2003 Routing and Remote Access Service RPC Request memory corruption
7787| [2308] Microsoft PowerPoint 2000/2002/2003/2004 PPT Document memory corruption
7788| [2307] Microsoft Windows 2000/XP/Server 2003 JScript Object memory corruption
7789| [2306] Microsoft Windows 2000/XP/Server 2003 IP Source Routing memory corruption
7790| [2305] Microsoft Windows XP/Server 2003 ART Image Heap-based memory corruption
7791| [2294] Microsoft Word up to 2003 DOC Document Backdoor Designfehler
7792| [2275] Microsoft Windows XP/Server 2003 mhtml URI inetcomm.dll memory corruption
7793| [2253] Microsoft Word up to 2003 Backdoor memory corruption
7794| [2221] Microsoft Windows 2000/XP CHM Archive itss.dll memory corruption
7795| [30131] Microsoft Windows NT 4.0/XP/2000/Server 2003 Distributed Transaction Coordinator Crash denial of service
7796| [2218] Microsoft Windows 2000/XP/Server 2003 MSDTC Heap-based denial of service
7797| [2217] Microsoft Exchange 2000/2003 Calender Collaboration Data Object memory corruption
7798| [2190] Microsoft Office 2003 mailto URI unknown vulnerability
7799| [2147] Microsoft Windows 2000/XP/Server 2003 COM Object memory corruption
7800| [2135] Microsoft FrontPage Server Extensions 2002 cross site scripting
7801| [29524] Microsoft ISA Server 2004 unknown vulnerability
7802| [134750] Microsoft ASP.NET Core 2.1/2.2 denial of service
7803| [134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
7804| [134744] Microsoft Windows up to Server 2019 GDI information disclosure
7805| [134743] Microsoft SharePoint Server 2013 SP1/2016 cross site scripting
7806| [134742] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
7807| [134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7808| [134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
7809| [134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 cross site scripting
7810| [134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7811| [134737] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7812| [134736] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
7813| [134735] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
7814| [134734] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
7815| [134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
7816| [134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
7817| [134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
7818| [134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7819| [134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7820| [134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7821| [134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7822| [134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7823| [134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7824| [134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7825| [134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7826| [134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7827| [134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7828| [134715] Microsoft Windows up to Server 2019 Win32k memory corruption
7829| [134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7830| [134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7831| [134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7832| [134710] Microsoft Windows up to Server 2019 GDI information disclosure
7833| [134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
7834| [134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
7835| [134704] Microsoft SQL Server 2017 Analysis Services information disclosure
7836| [134701] Microsoft Windows up to Server 2019 Windows Defender Application Control privilege escalation
7837| [134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
7838| [134699] Microsoft Windows up to Server 2019 NDIS ndis.sys memory corruption
7839| [134698] Microsoft Windows up to Server 2019 OLE memory corruption
7840| [134697] Microsoft Office/Word 2016/2019/365 ProPlus memory corruption
7841| [134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
7842| [134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
7843| [133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7844| [133235] Microsoft Azure DevOps Server 2019 privilege escalation
7845| [133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7846| [133232] Microsoft Azure DevOps Server 2019 cross site scripting
7847| [133229] Microsoft Azure DevOps Server 2019 cross site scripting
7848| [133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
7849| [133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation
7850| [133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
7851| [133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7852| [133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
7853| [133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
7854| [133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7855| [133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7856| [133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
7857| [133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
7858| [133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
7859| [133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
7860| [133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
7861| [133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
7862| [133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
7863| [133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
7864| [133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
7865| [133204] Microsoft Office/Excel up to 2019 memory corruption
7866| [133203] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
7867| [133202] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
7868| [133201] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
7869| [133200] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
7870| [133199] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
7871| [133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access cross site scripting
7872| [133197] Microsoft ASP.NET Core 2.2 Request denial of service
7873| [133196] Microsoft Windows up to Server 2019 Win32k information disclosure
7874| [133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
7875| [133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
7876| [133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
7877| [133192] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
7878| [133189] Microsoft Windows up to Server 2019 CSRSS memory corruption
7879| [133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
7880| [133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
7881| [133186] Microsoft Windows up to Server 2019 TCP/IP Stack Fragmented IP Packet information disclosure
7882| [133185] Microsoft Windows up to Server 2019 Win32k memory corruption
7883| [133184] Microsoft Office 2016 for Mac/2019/365 ProPlus Graphics Component memory corruption
7884| [133183] Microsoft Windows up to Server 2019 Win32k memory corruption
7885| [133182] Microsoft Windows up to Server 2019 Win32k memory corruption
7886| [133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Document Code Execution
7887| [133180] Microsoft Windows up to Server 2019 MS XML Code Execution
7888| [133179] Microsoft Windows up to Server 2019 MS XML Code Execution
7889| [133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys privilege escalation
7890| [133174] Microsoft Windows up to Server 2019 GDI+ privilege escalation
7891| [133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
7892| [133166] Microsoft Windows up to Server 2019 MS XML Code Execution
7893| [133165] Microsoft Windows up to Server 2019 MS XML Code Execution
7894| [133164] Microsoft Windows up to Server 2019 MS XML Code Execution
7895| [133163] Microsoft Windows up to Server 2019 MS XML Code Execution
7896| [133162] Microsoft Windows up to Server 2019 MS XML Code Execution
7897| [131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
7898| [131685] Microsoft Windows up to Server 2019 SMB information disclosure
7899| [131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
7900| [131681] Microsoft Windows up to Server 2019 Win32k memory corruption
7901| [131679] Microsoft Windows up to Server 2019 Kernel information disclosure
7902| [131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
7903| [131674] Microsoft Windows up to Server 2019 Win32k information disclosure
7904| [131673] Microsoft Windows up to Server 2019 Kernel information disclosure
7905| [131672] Microsoft Windows up to Server 2019 GDI information disclosure
7906| [131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
7907| [131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
7908| [131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
7909| [131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
7910| [131658] Microsoft Windows up to Server 2019 information disclosure
7911| [131657] Microsoft Windows up to Server 2019 denial of service
7912| [131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
7913| [131653] Microsoft Windows up to Server 2019 SMB information disclosure
7914| [131652] Microsoft Windows up to Server 2019 SMB information disclosure
7915| [131651] Microsoft Windows up to Server 2019 Kernel information disclosure
7916| [131650] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 Hyper-V denial of service
7917| [131649] Microsoft Windows up to Server 2019 Kernel memory corruption
7918| [131648] Microsoft Windows up to Server 2019 Hyper-V denial of service
7919| [131644] Microsoft Windows up to Server 2019 Hyper-V denial of service
7920| [131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7921| [131632] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DHCP Client memory corruption
7922| [131631] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DHCP Client memory corruption
7923| [131630] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DHCP Client memory corruption
7924| [131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
7925| [131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
7926| [131619] Microsoft Windows up to Server 2019 MS XML privilege escalation
7927| [131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
7928| [131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
7929| [131330] Microsoft Exchange Server 2010 SP3 UR26/2013 CU22/2016 CU12/2019 CU1 privilege escalation
7930| [131329] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016 information disclosure
7931| [131328] Microsoft Windows up to Server 2016 Kernel information disclosure
7932| [130832] Microsoft 2013 SP1 spoofing
7933| [130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
7934| [130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
7935| [130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
7936| [130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
7937| [130823] Microsoft Office up to 2019 Connectivity Engine privilege escalation
7938| [130822] Microsoft Office up to 2019 Connectivity Engine privilege escalation
7939| [130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
7940| [130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
7941| [130818] Microsoft Windows up to Server 2019 GDI information disclosure
7942| [130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
7943| [130814] Microsoft Windows up to Server 2019 privilege escalation
7944| [130809] Microsoft Windows up to Server 2019 Defender Firewall Security privilege escalation
7945| [130808] Microsoft Windows up to Server 2019 information disclosure
7946| [130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
7947| [130806] Microsoft Windows up to Server 2019 SMB privilege escalation
7948| [130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
7949| [130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
7950| [130803] Microsoft Windows up to Server 2019 SMB privilege escalation
7951| [130802] Microsoft Windows up to Server 2019 Win32k information disclosure
7952| [130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
7953| [130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7954| [130799] Microsoft Windows up to Server 2016 Win32k memory corruption
7955| [130798] Microsoft Windows up to Server 2019 GDI information disclosure
7956| [130797] Microsoft Windows up to Server 2019 GDI information disclosure
7957| [130796] Microsoft Windows up to Server 2019 GDI information disclosure
7958| [130793] Microsoft Windows up to Server 2019 GDI information disclosure
7959| [130792] Microsoft Windows up to Server 2019 HID information disclosure
7960| [130791] Microsoft Windows up to Server 2019 HID information disclosure
7961| [130790] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
7962| [130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7963| [130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7964| [130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7965| [130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
7966| [130785] Microsoft Office 2010 SP2/2013 SP1/2016/2019/365 ProPlus Security Feature Phishing spoofing
7967| [130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
7968| [130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
7969| [130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
7970| [129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
7971| [129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
7972| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
7973| [128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct privilege escalation
7974| [128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
7975| [128762] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus Word memory corruption
7976| [128761] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7977| [128760] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7978| [128759] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7979| [128758] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7980| [128757] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7981| [128756] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7982| [128755] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7983| [128754] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7984| [128753] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7985| [128752] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
7986| [128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
7987| [128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
7988| [128749] Microsoft Windows up to Server 2019 Kernel information disclosure
7989| [128747] Microsoft ASP.NET Core 2.1 Web Request denial of service
7990| [128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
7991| [128745] Microsoft Office up to 2019 Word Macro information disclosure
7992| [128744] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus information disclosure
7993| [128743] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus information disclosure
7994| [128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
7995| [128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
7996| [128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
7997| [128739] Microsoft Windows up to Server 2019 Kernel information disclosure
7998| [128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
7999| [128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
8000| [128736] Microsoft Windows up to Server 2019 Kernel information disclosure
8001| [128735] Microsoft ASP.NET Core 2.1/2.2 Web Request denial of service
8002| [128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
8003| [128732] Microsoft Office 2010 SP2/2013 SP1/2016/2019/365 ProPlus MSHTML Engine privilege escalation
8004| [128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
8005| [128728] Microsoft Windows up to Server 2019 Kernel information disclosure
8006| [128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
8007| [128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
8008| [128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
8009| [128718] Microsoft Windows up to Server 2019 Hyper-V memory corruption
8010| [128717] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 Hyper-V memory corruption
8011| [127925] Microsoft SharePoint Enterprise Server 2016 Web Request cross site scripting
8012| [127882] Microsoft Dynamics NAV 2016/2017 Web Request cross site scripting
8013| [127881] Microsoft Windows 10 1809/Server 2019 Object denial of service
8014| [127880] Microsoft Windows up to Server 2019 Win32k Object memory corruption
8015| [127828] Microsoft Windows up to Server 2019 Win32k memory corruption
8016| [127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
8017| [127826] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 Win32k ASLR privilege escalation
8018| [127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
8019| [127824] Microsoft Excel up to 2019 Out-of-Bounds memory corruption
8020| [127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
8021| [127821] Microsoft Windows up to Server 2019 Connected User Experiences and Telemetry Service denial of service
8022| [127820] Microsoft Windows up to Server 2019 Kernel memory corruption
8023| [127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data privilege escalation
8024| [127817] Microsoft Excel up to 2019 information disclosure
8025| [127816] Microsoft Windows up to Server 2019 GDI information disclosure
8026| [127815] Microsoft Windows up to Server 2019 GDI information disclosure
8027| [127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search cross site request forgery
8028| [127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
8029| [127809] Microsoft PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus memory corruption
8030| [127806] Microsoft Outlook up to 2019 memory corruption
8031| [127805] Microsoft Excel up to 2019 memory corruption
8032| [127804] Microsoft Excel up to 2019 memory corruption
8033| [127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
8034| [127801] Microsoft Windows up to Server 2019 DNS Server privilege escalation
8035| [126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 Code Execution
8036| [126755] Microsoft .NET Core 2.1 privilege escalation
8037| [126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji denial of service
8038| [126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
8039| [126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
8040| [126748] Microsoft Office 2019/365 ProPlus Outlook Message information disclosure
8041| [126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
8042| [126746] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
8043| [126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
8044| [126744] Microsoft Office up to 2019 Word memory corruption
8045| [126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
8046| [126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
8047| [126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
8048| [126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
8049| [126736] Microsoft Windows up to Server 2019 Win32k memory corruption
8050| [126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
8051| [126734] Microsoft Office 2019/365 ProPlus information disclosure
8052| [126733] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DirectX memory corruption
8053| [126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
8054| [126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
8055| [126727] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
8056| [126726] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
8057| [126725] Microsoft Windows up to Server 2019 DirectX memory corruption
8058| [126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
8059| [126718] Microsoft Windows up to Server 2016 Search memory corruption
8060| [126717] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016/2019 memory corruption
8061| [126716] Microsoft Office up to 2019 Excel memory corruption
8062| [126715] Microsoft Office 2016/2019/365 ProPlus Excel memory corruption
8063| [126714] Microsoft Windows up to Server 2019 PowerShell unknown vulnerability
8064| [126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
8065| [126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
8066| [126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
8067| [125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
8068| [125122] Microsoft Windows up to Server 2016 TCP/IP information disclosure
8069| [125121] Microsoft Windows up to Server 2019 DirectX memory corruption
8070| [125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
8071| [125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
8072| [125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
8073| [125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
8074| [125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
8075| [125113] Microsoft Windows up to Server 2019 Kernel memory corruption
8076| [125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy privilege escalation
8077| [125110] Microsoft Windows up to Server 2019 DNS Global Blocklist privilege escalation
8078| [125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
8079| [125108] Microsoft Windows up to Server 2019 Filter Manager memory corruption
| [125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125104] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125100] Microsoft Office/Powerpoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125099] Microsoft Office/Excel up to 2019 Protected View memory corruption
| [125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [125097] Microsoft Windows up to Server 2019 DirectX Graphics memory corruption
| [125096] Microsoft Windows up to Server 2019 Win32k memory corruption
| [125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access cross site scripting
| [125093] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125092] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125091] Microsoft Windows up to Server 2019 MS XML privilege escalation
| [124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx Parameter Server-Side Request Forgery
| [124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls Server-Side Request Forgery
| [123995] Microsoft Lync 2011 on Mac Security Feature Messages Download privilege escalation
| [123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
| [123874] Microsoft Windows up to Server 2016 Kernel information disclosure
| [123872] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 SMB information disclosure
| [123868] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
| [123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2013 RT SP1/2016 cross site scripting
| [123861] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R information disclosure
| [123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
| [123849] Microsoft Windows up to Server 2016 SMB denial of service
| [123846] Microsoft Office 2016 on Win/Mac memory corruption
| [123844] Microsoft Word 2013 SP1/2013 RT SP1/2016 PDF File memory corruption
| [123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [123830] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
| [123827] Microsoft Windows up to Server 2016 Image memory corruption
| [123825] Microsoft Windows up to Server 2016 MSXML Parser privilege escalation
| [123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
| [122887] Microsoft Office 2016 on Mac AutoUpdate memory corruption
| [122886] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122885] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122884] Microsoft Windows up to Server 2016 Win32k memory corruption
| [122883] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122875] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R information disclosure
| [122874] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [122872] Microsoft SharePoint Enterprise Server 2013 SP1/2016 information disclosure
| [122871] Microsoft PowerPoint 2010 SP2 memory corruption
| [122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
| [122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
| [122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
| [122848] Microsoft Windows Security Feature 2FA weak authentication
| [122834] Microsoft Windows up to Server 2016 LNK memory corruption
| [122825] Microsoft Windows up to Server 2016 Graphics memory corruption
| [122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
| [121208] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R Attachment privilege escalation
| [121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
| [121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
| [121111] Microsoft Windows up to Server 2016 Kernel memory corruption
| [121110] Microsoft Windows up to Server 2016 Wordpad privilege escalation
| [121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll denial of service
| [121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
| [121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [121098] Microsoft Office 2016/2016 C2R memory corruption
| [121092] Microsoft Windows up to Server 2016 FTP Server denial of service
| [121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
| [119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
| [119476] Microsoft Publisher 2010 SP2 OLE Object PUB File privilege escalation
| [119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
| [119474] Microsoft Windows up to Server 2016 GDI information disclosure
| [119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys denial of service
| [119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
| [119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119459] Microsoft Windows up to Server 2016 memory corruption
| [119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
| [119456] Microsoft Windows up to Server 2016 Kernel information disclosure
| [119455] Microsoft Windows up to Server 2016 denial of service
| [119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119452] Microsoft Windows up to Server 2016 HIDParser memory corruption
| [119448] Microsoft Windows up to Server 2016 Code Integrity Module denial of service
| [119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
| [119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
| [119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys memory corruption
| [119436] Microsoft Windows up to Server 2016 memory corruption
| [119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [118120] Microsoft Office 2016 on Mac XML Data Code Execution
| [117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 Web Request cross site scripting
| [117560] Microsoft Exchange Server up to 2016 CU9 Code Execution memory corruption
| [117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access Web Request cross site scripting
| [117558] Microsoft Windows up to Server 2016 Code Execution memory corruption
| [117507] Microsoft Infopath 2013 SP1 memory corruption
| [117505] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R information disclosure
| [117504] Microsoft Office 2010 SP2 information disclosure
| [117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
| [117498] Microsoft Office 2016 C2R Security Feature privilege escalation
| [117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
| [117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
| [117473] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [117472] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [117471] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [117470] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [117469] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [117468] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [117444] Microsoft Windows up to Server 2016 Hyper-V vSMB memory corruption
| [117443] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [116132] Microsoft Office 2016 Memory information disclosure
| [116051] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 cross site scripting
| [116049] Microsoft SharePoint Enterprise Server 2013/2016 privilege escalation
| [116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem memory corruption
| [116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll memory corruption
| [116046] Microsoft SharePoint Enterprise Server 2013/2016 Share cross site scripting
| [116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol denial of service
| [116031] Microsoft Windows up to Server 2016 Kernel ASLR information disclosure
| [116030] Microsoft Windows up to Server 2016 SNMP Service denial of service
| [116026] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116024] Microsoft Windows up to Server 2016 HTTP.sys denial of service
| [116023] Microsoft Office up to 2016 C2R information disclosure
| [116022] Microsoft Excel 2010 SP2 memory corruption
| [116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 2016/Server 1709 Active Directory privilege escalation
| [116019] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116018] Microsoft Office 2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [116017] Microsoft Excel up to 2016 C2R memory corruption
| [116016] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 Graphics memory corruption
| [116014] Microsoft Office 2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
| [116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
| [116008] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116007] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116006] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116005] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116004] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [115804] Microsoft Windows up to Server 2016 Malware Protection Engine privilege escalation
| [114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
| [114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
| [114573] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
| [114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake privilege escalation
| [114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 2016/Server 1709 Kernel information disclosure
| [114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [114562] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114560] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114559] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114558] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114557] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114556] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114555] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114554] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114553] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114552] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114551] Microsoft Excel up to 2016 C2R Security Feature privilege escalation
| [114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
| [114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys privilege escalation
| [114547] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114546] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114545] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114544] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114543] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114542] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114541] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114540] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114536] Microsoft Windows up to Server 2016 CredSSP privilege escalation
| [114535] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
| [114530] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114529] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114527] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114526] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114525] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
| [114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
| [114520] Microsoft Windows 10/Server 2016/Server 1709 Desktop Bridge privilege escalation
| [114518] Microsoft Windows up to Server 2016 Remote Assistance information disclosure
| [114517] Microsoft Windows 10/Server 2016/Server 1709 Desktop Bridge VFS privilege escalation
| [114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
| [113835] Microsoft Identity Manager 2016 SP1 cross site scripting
| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
| [113260] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113259] Microsoft Windows 10/Server 2016/Server 1709 NTFS privilege escalation
| [113254] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113253] Microsoft Windows 10/Server 2016/Server 1709 Kernel memory corruption
| [113252] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113250] Microsoft Windows 10/Server 2016/Server 1709 Kernel memory corruption
| [113249] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113248] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
| [113242] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113241] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113240] Microsoft Windows 10/Server 2016/Server 1709 AppContainer privilege escalation
| [113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [113233] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 Uninitialized Memory information disclosure
| [113232] Microsoft Excel 2016 memory corruption
| [113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
| [113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
| [111580] Microsoft Office 2016 on Mac Email Attachment spoofing
| [111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
| [111567] Microsoft Office 2010/2013/2016 memory corruption
| [111564] Microsoft Word 2016 memory corruption
| [111562] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [111561] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [111358] Microsoft Windows up to Server 2016 IPsec denial of service
| [110553] Microsoft Office 2016 C2R information disclosure
| [110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
| [110551] Microsoft Excel 2016 C2R memory corruption
| [110550] Microsoft PowerPoint 2013 SP1/2013 RT SP1/2016 information disclosure
| [110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
| [110547] Microsoft Windows up to Server 2016 its:// Protocol information disclosure
| [110531] Microsoft Windows 10/Server 2016 Device Guard privilege escalation
| [110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
| [110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
| [109389] Microsoft Excel 2016 Click-to-Run memory corruption
| [109360] Microsoft Windows up to Server 2016 Windows Search denial of service
| [107759] Microsoft Windows up to Server 2016 SMB denial of service
| [107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107753] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
| [107740] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107739] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107738] Microsoft Windows up to Server 2016 Search information disclosure
| [107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107732] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 Bypass privilege escalation
| [107730] Microsoft Windows up to Server 2016 Search Remote memory corruption
| [107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107724] Microsoft Windows up to Server 2016 Text Services Framework memory corruption
| [107723] Microsoft Windows up to Server 2016 SMB information disclosure
| [107698] Microsoft Office 2016 memory corruption
| [107593] InFocus Mondopad 2.2.08 Excel Spreadsheet Microsoft Office Document Credentials information disclosure
| [106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [106529] Microsoft PowerPoint 2016 memory corruption
| [106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
| [106518] Microsoft Edge on Win10/Server 2016 memory corruption
| [106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
| [106498] Microsoft Windows up to Server 2016 Shell privilege escalation
| [106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
| [106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
| [106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
| [106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow memory corruption
| [106474] Microsoft Office 2016 memory corruption
| [106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
| [106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne spoofing
| [106470] Microsoft Excel 2011 on Mac memory corruption
| [106455] Microsoft Exchange Server 2013/2016 information disclosure
| [106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition memory corruption
| [105048] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105047] Microsoft Edge on Win10/Server 2016 Scripting Engine EntryCall memory corruption
| [105046] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105040] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105038] Microsoft Edge on Win10/Server 2016 Javascript Engine Out-of-Bounds memory corruption
| [105037] Microsoft Edge on Win10/Server 2016 Javascript Engine PreVisitCatch memory corruption
| [105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
| [105033] Microsoft Edge 38.14393.1066.0 on Win10/Server 2016 Use-After-Free information disclosure
| [105029] Microsoft Edge on Win10/Server 2016 Javascript Engine ProcessLinkFailedAsmJsModule memory corruption
| [105027] Microsoft Edge on Win10/Server 2016 _SelectValueInternal information disclosure
| [105024] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105023] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105017] Microsoft Windows up to Server 2016 Error Reporting information disclosure
| [105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V denial of service
| [105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
| [105010] Microsoft Windows up to Server 2016 Win32k memory corruption
| [105009] Microsoft Windows up to Server 2016 Input Method Editor memory corruption
| [105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
| [104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [104989] Microsoft Windows up to Server 2016 NetBIOS denial of service
| [104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
| [104583] Microsoft Outlook up to 2016 C2R Email memory corruption
| [104582] Microsoft Outlook up to 2016 C2R Object memory corruption
| [103468] Microsoft Exchange Server 2010 SP3/2013 SP3/2013 CU16/2016 CU5 Open Redirect
| [103446] Microsoft Windows up to Server 2016 Search Object privilege escalation
| [103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
| [103444] Microsoft Windows up to Server 2016 Explorer denial of service
| [103442] Microsoft Windows 10/Server 2016 HoloLens WiFi Packet privilege escalation
| [103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
| [103431] Microsoft Windows up to Server 2016 PowerShell PSObject Object privilege escalation
| [103429] Microsoft Windows up to Server 2016 Kerberos weak authentication
| [103426] Microsoft Exchange Server 2010 SP3/2013 SP3/2013 CU16/2016 CU5 OWA Request cross site scripting
| [103425] Microsoft Exchange Server 2010 SP3/2013 SP3/2013 CU16/2016 CU5 OWA Request cross site scripting
| [103420] Microsoft Windows up to Server 2016 Kerberos Bypass privilege escalation
| [103417] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
| [102544] Microsoft Edge on Win10/Server 2016 Fetch API information disclosure
| [102543] Microsoft Edge on Win10/Server 2016 Javascript XML DOM Object information disclosure
| [102463] Microsoft Project Server 2013 SP1 cross site scripting
| [102460] Microsoft Outlook 2016 on Mac HTML spoofing
| [102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
| [102446] Microsoft Office up to 2016 privilege escalation
| [102445] Microsoft Office 2010 SP2/2011/2013 SP1/2013 RT SP1/2016 privilege escalation
| [102443] Microsoft Office up to 2016 privilege escalation
| [102412] Microsoft Windows up to Server 2016 PDF information disclosure
| [102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
| [102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
| [102386] Microsoft Windows up to Server 2012 R2 Uniscribe privilege escalation
| [102385] Microsoft Windows up to Server 2016 Font Library privilege escalation
| [102376] Microsoft Windows up to Server 2016 CAB File privilege escalation
| [102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
| [102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
| [102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords memory corruption
| [101817] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
| [101815] Microsoft Windows up to Server 2016 Malware Protection Engine Use-After-Free memory corruption
| [101814] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [101812] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101811] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101810] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
| [101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [101019] Microsoft Skype for Business 2016 memory corruption
| [101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 memory corruption
| [101016] Microsoft PowerPoint 2011 on Mac memory corruption
| [101015] Microsoft PowerPoint 2011 on Mac memory corruption
| [101014] Microsoft Office 2010 SP2/2016 memory corruption
| [101013] Microsoft Office 2010 SP2/2016 memory corruption
| [101002] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [101001] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [101000] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [100999] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
| [99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
| [99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory Lockout privilege escalation
| [99682] Microsoft Outlook 2011 on Mac HTML Tag Validator spoofing
| [99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
| [99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive denial of service
| [98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
| [98096] Microsoft Exchange 2013 SP1 privilege escalation
| [98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
| [98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
| [98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
| [98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
| [98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
| [98089] Microsoft Office Web Apps 2013 SP1 memory corruption
| [98082] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 denial of service
| [98081] Microsoft Excel up to 2016 information disclosure
| [98080] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
| [98079] Microsoft Word 2016 memory corruption
| [98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component privilege escalation
| [98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
| [98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
| [98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component information disclosure
| [98069] Microsoft Windows up to Server 2012 R2 Color Management memory corruption
| [98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
| [98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 NULL Pointer Dereference memory corruption
| [98017] Microsoft Windows up to Server 2016 PDF memory corruption
| [98015] Microsoft Windows 10/Server 2016 Hyper-V denial of service
| [98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
| [98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch denial of service
| [98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
| [95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
| [95125] Microsoft Word/SharePoint Enterprise Server 2016 Document privilege escalation
| [94451] Microsoft Office 2011 memory corruption
| [94447] Microsoft Office 2010 SP2 memory corruption
| [94446] Microsoft Office 2016 memory corruption
| [94444] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 OLE DLL Loader memory corruption
| [94443] Microsoft Office up to 2016 information disclosure
| [94442] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 privilege escalation
| [93964] Microsoft Windows 7 Excel Starter 2010 XXE information disclosure
| [93543] Microsoft SQL Server 2016 FILESTREAM Path privilege escalation
| [93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
| [93416] Microsoft SQL Server up to 2012 SP3/2014 SP2/2016 Server Agent atxcore.dll privilege escalation
| [93415] Microsoft SQL Server 2016 MDS API cross site scripting
| [93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
| [93413] Microsoft SQL Server up to 2014 SP2/2016 RDBMS Engine privilege escalation
| [93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
| [93393] Microsoft Office up to 2016 memory corruption
| [93392] Microsoft Office up to 2016 memory corruption
| [93391] Microsoft Office up to 2016 memory corruption
| [93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
| [93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
| [92587] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
| [92584] Microsoft Office up to 2016 memory corruption
| [91571] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91570] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
| [91555] Microsoft Exchange 2013/2016 Link spoofing
| [91550] Microsoft Office 2016 memory corruption
| [91547] Microsoft Office 2010 memory corruption
| [91543] Microsoft Office up to 2016 memory corruption
| [91541] Microsoft Office 2013/2016 APP-V ASLR privilege escalation
8480| [90711] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF privilege escalation
8481| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
8482| [90704] Microsoft Office 2013/2013 RT/2016 memory corruption
8483| [89043] Microsoft Office up to 2016 memory corruption
8484| [89041] Microsoft Office up to 2016 memory corruption
8485| [89040] Microsoft Office 2010 SP2/2011/2013 SP1/2013 RT SP1/2016 memory corruption
8486| [89038] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 Security Feature privilege escalation
8487| [89037] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
8488| [87961] Microsoft Windows up to Server 2012 R2 Search denial of service
8489| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
8490| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
8491| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
8492| [87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
8493| [87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
8494| [87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server Use-After-Free memory corruption
8495| [87936] Microsoft Office up to 2016 memory corruption
8496| [87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
8497| [87156] Microsoft Windows 8.1/RT 8.1/10/Server 2012 R2 Shell memory corruption
8498| [87149] Microsoft Office up to 2016 memory corruption
8499| [87148] Microsoft Office 2010 Graphics memory corruption
8500| [87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
8501| [82229] Microsoft Excel 2010 SP2 Office Document memory corruption
8502| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
8503| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
8504| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
8505| [81274] Microsoft Office up to 2016 memory corruption
8506| [81270] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
8507| [81269] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
8508| [81268] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
8509| [80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
8510| [80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP memory corruption
8511| [80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service denial of service
8512| [80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
8513| [80870] Microsoft Office up to 2016 memory corruption
8514| [80868] Microsoft Office up to 2016 memory corruption
8515| [80867] Microsoft Office up to 2016 memory corruption
8516| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
8517| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
8518| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
8519| [80231] Microsoft Excel up to 2016 Office Document memory corruption
8520| [80229] Microsoft Exchange Server 2013 SP1/2013 CU 10/2013 CU 11/2016 Outlook Web Access cross site scripting
8521| [80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
8522| [80227] Microsoft Exchange Server 2013 SP1/2013 CU 10/2016 Outlook Web Access cross site scripting
8523| [80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
8524| [80218] Microsoft Office up to 2016 ASLR privilege escalation
8525| [80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
8526| [80216] Microsoft Office up to 2016 Office Document memory corruption
8527| [80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
8528| [128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
8529| [79508] Microsoft Windows up to Server 2012 R2 Library Loader memory corruption
8530| [79500] Microsoft Office 2010/2011/2016 memory corruption
8531| [79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
8532| [79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
8533| [79117] Microsoft Outlook 2011/2016 on Mac HTML spoofing
8534| [78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
8535| [77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
8536| [77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
8537| [77638] Microsoft Lync Server 2013 cross site scripting
8538| [77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
8539| [77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access Stack-Based information disclosure
8540| [77050] Microsoft Office up to 2016 memory corruption
8541| [77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
8542| [76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
8543| [76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service memory corruption
8544| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
8545| [75793] Microsoft Exchange Server 2013 CU8 cross site scripting
8546| [75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
8547| [75791] Microsoft Office 2013 SP1 Office Document Uninitialized Memory memory corruption
8548| [75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
8549| [75786] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1 Office Document memory corruption
8550| [66976] Microsoft Access 2010 VBA Datatype denial of service
8551| [74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
8552| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
8553| [74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
8554| [74835] Microsoft Office 2011 on Mac Use-After-Free cross site scripting
8555| [74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
8556| [74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
8557| [74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
8558| [73967] Microsoft Office up to 2013 SP1 Office File memory corruption
8559| [73966] Microsoft Office up to 2013 SP1 RTF File memory corruption
8560| [73965] Microsoft Office up to 2013 SP1 Use-After-Free memory corruption
8561| [73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
8562| [69162] Microsoft System Center Virtual Machine Manager 2012 privilege escalation
8563| [69160] Microsoft Windows up to Server 2012 Process privilege escalation
8564| [69156] Microsoft Office 2010 Object memory corruption
8565| [68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
8566| [68417] Microsoft Exchange 2013 Outlook Web Access Token spoofing
8567| [68191] Microsoft SharePoint 2010 cross site scripting
8568| [67828] Microsoft ASP.NET MVC 2/3/4/5/5.1 System.Web.Mvc.dll cross site scripting
8569| [67518] Microsoft Lync 2013 denial of service
8570| [67517] Microsoft Lync 2013 Script Reflected cross site scripting
8571| [67516] Microsoft Lync 2010/2013 denial of service
8572| [67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call privilege escalation
8573| [67360] Microsoft SharePoint 2013 App Permission Management cross site scripting
8574| [13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
8575| [13547] Microsoft Lync 2010/2013 Meeting cross site scripting
8576| [13228] Microsoft Office 2013 Document privilege escalation
8577| [68577] Microsoft ASP.NET 2014.3.1209 Telerik UI RadAsyncUpload directory traversal
8578| [12267] Microsoft Forefront Security for Exchange Server 2010 Mail memory corruption
8579| [12263] Microsoft Windows up to Server 2012 Direct2D 2D Geometric Figure memory corruption
8580| [12238] Microsoft Windows 8/Server 2012/RT IPv6 denial of service
8581| [12185] Microsoft .NET Framework 2/4 HMAC weak authentication
8582| [12183] Microsoft .NET Framework 2/4 DTD denial of service
8583| [11673] Microsoft Windows Live Movie Maker 2011 WAV File denial of service
8584| [11468] Microsoft Exchange 2010/2013 cross site scripting
8585| [11466] Microsoft Office 2013 File Response information disclosure
8586| [11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
8587| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
8588| [11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
8589| [10250] Microsoft SharePoint Server up to 2013 W3WP Process denial of service
8590| [10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow memory corruption
8591| [10248] Microsoft SharePoint Server up to 2013 cross site scripting
8592| [9943] Microsoft Windows Server 2012 NAT Driver ICMP Packet denial of service
8593| [8739] Microsoft Windows Essentials up to 2012 Windows Writer Eingabe information disclosure
8594| [8725] Microsoft Lync 2010/2013 Use-After-Free memory corruption
8595| [8722] Microsoft Windows 8/Server 2012/RT HTTP.sys denial of service
8596| [8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
8597| [8203] Microsoft Windows up to 2012 AD LDAP Query denial of service
8598| [8200] Microsoft SharePoint Server 2013 ACL information disclosure
8599| [7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser File information disclosure
8600| [7969] Microsoft OneNote 2010 SP1 ONE File information disclosure
8601| [7968] Microsoft SharePoint Server 2010 SP1 Input Validator Eingabe Crash denial of service
8602| [7967] Microsoft SharePoint Server 2010 SP1 User Account Eingabe Crash information disclosure
8603| [7966] Microsoft SharePoint Server 2010 SP1 Eingabe Crash cross site scripting
8604| [7965] Microsoft SharePoint Server 2010 SP1 User Account Callback URL privilege escalation
8605| [7964] Microsoft Visio 2010 Tree Object Type File memory corruption
8606| [7343] Microsoft Lync 2012 HTTP Format String
8607| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
8608| [7230] Microsoft Excel 2010 SP1 on 32-bit XLS File Formatting Information Crash denial of service
8609| [6831] Microsoft Office Picture Manager 2010 File memory corruption
8610| [62720] EMC NetWorker Module for Microsoft Applications up to 2.2.0 memory corruption
8611| [6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
8612| [62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
8613| [5946] Microsoft Visio/Visio Viewer up to 2010 SP1 File memory corruption
8614| [5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
8615| [5641] Microsoft SharePoint 2010 cross site scripting
8616| [60943] Microsoft Dynamics AX 2012 Enterprise Portal cross site scripting
8617| [12311] Microsoft Lync 2010 Search race condition
8618| [60570] Microsoft Forefront Unified Access Gateway 2010 information disclosure
8619| [60569] Microsoft Forefront Unified Access Gateway 2010 spoofing
8620| [60208] Microsoft Visio Viewer 2010 memory corruption
8621| [60207] Microsoft Visio Viewer 2010 memory corruption
8622| [60206] Microsoft Visio Viewer 2010 memory corruption
8623| [4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
8624| [4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
8625| [4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
8626| [59008] Microsoft Forefront Unified Access Gateway 2010 Crash denial of service
8627| [58995] Microsoft Forefront Unified Access Gateway 2010 memory corruption
8628| [58994] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
8629| [58993] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
8630| [4424] Microsoft Host Integration Server up to 2010 denial of service
8631| [4420] Microsoft Forefront Unified Access Gateway 2010 memory corruption
8632| [58487] Microsoft SharePoint Foundation 2010 cross site scripting
8633| [58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
8634| [58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
8635| [4414] Microsoft SharePoint 2010 cross site scripting
8636| [4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS Designfehler
8637| [91971] Microsoft Skype 2.2.x/5.2.x/5.3.x denial of service
8638| [57693] Microsoft Forefront Threat Management Gateway 2010 NSPLookupServiceNext memory corruption
8639| [4332] Microsoft PowerPoint 2010/2007 memory corruption
8640| [56028] Microsoft Data Access Components 2.8 memory corruption
8641| [55777] Microsoft Windows Movie Maker 2.6 memory corruption
8642| [55424] Microsoft Forefront Unified Access Gateway 2010 Signurl.asp cross site scripting
8643| [55415] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
8644| [55414] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
8645| [55413] Microsoft Forefront Unified Access Gateway 2010 spoofing
8646| [54341] Microsoft Windows Movie Maker 2.1 memory corruption
8647| [54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
8648| [4009] Microsoft NET Framework 2.x/3.x denial of service
8649| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
8650| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
8651| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
8652| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
8653| [2927] Microsoft Data Access Components 2.x ADODB.Connection ActiveX Control memory corruption
8654| [32692] Microsoft XML Core Services up to 2.6 memory corruption
8655| [32691] Microsoft XML Core Services up to 2.6 memory corruption
8656| [29608] Microsoft Data Access Components 2.7 memory corruption
8657|
8658| MITRE CVE - https://cve.mitre.org:
8659| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
8660| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
8661| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
8662| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
8663| [CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
8664| [CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
8665| [CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
8666| [CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
8667| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
8668| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
8669| [CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
8670| [CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
8671| [CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
8672| [CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
8673| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
8674| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
8675| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
8676| [CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
8677| [CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
8678| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
8679| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
8680| [CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
8681| [CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
8682| [CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
8683| [CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
8684| [CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
8685| [CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
8686| [CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
8687| [CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
8688| [CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
8689| [CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
8690| [CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
8691| [CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
8692| [CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
8693| [CVE-2013-1301] Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
8694| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
8695| [CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
8696| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
8697| [CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
8698| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
8699| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
8700| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
8701| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
8702| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
8703| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
8704| [CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
8705| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
8706| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
8707| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
8708| [CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8709| [CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8710| [CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8711| [CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8712| [CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8713| [CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8714| [CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8715| [CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8716| [CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8717| [CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8718| [CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8719| [CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8720| [CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8721| [CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8722| [CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8723| [CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8724| [CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8725| [CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8726| [CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8727| [CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8728| [CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8729| [CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8730| [CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8731| [CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8732| [CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8733| [CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8734| [CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8735| [CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8736| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8737| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
8738| [CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
8739| [CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
8740| [CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
8741| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
8742| [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
8743| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
8744| [CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
8745| [CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
8746| [CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
8747| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
8748| [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
8749| [CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
8750| [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
8751| [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
8752| [CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
8753| [CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
8754| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
8755| [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
8756| [CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
8757| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
8758| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
8759| [CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
8760| [CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
8761| [CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
8762| [CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1
8763| [CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
8764| [CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
8765| [CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
8766| [CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
8767| [CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
8768| [CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
8769| [CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
8770| [CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
8771| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
8772| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
8773| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
8774| [CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
8775| [CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
8776| [CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
8777| [CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
8778| [CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
8779| [CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
8780| [CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
8781| [CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
8782| [CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
8783| [CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
8784| [CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
8785| [CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
8786| [CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
8787| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
8788| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
8789| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
8790| [CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
8791| [CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
8792| [CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
8793| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
8794| [CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
8795| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
8796| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
8797| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
8798| [CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
8799| [CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
8800| [CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
8801| [CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
8802| [CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
8803| [CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
8804| [CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
8805| [CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
8806| [CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
8807| [CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
8808| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
8809| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
8810| [CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
8811| [CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
8812| [CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
8813| [CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
8814| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
8815| [CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
8816| [CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
8817| [CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
8818| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
8819| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
8820| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
8821| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
8822| [CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
8823| [CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
8824| [CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
8825| [CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
8826| [CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
8827| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
8828| [CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
8829| [CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
8830| [CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
8831| [CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
8832| [CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
8833| [CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
8834| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
8835| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
8836| [CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
8837| [CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
8838| [CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
8839| [CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
8840| [CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
8841| [CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
8842| [CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
8843| [CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
8844| [CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
8845| [CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
8846| [CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
8847| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
8848| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
8849| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
8850| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
8851| [CVE-2011-3413] Microsoft PowerPoint 2007 SP2
8852| [CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
8853| [CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
8854| [CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
8855| [CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
8856| [CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
8857| [CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
8858| [CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
8859| [CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
8860| [CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
8861| [CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
8862| [CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
8863| [CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
8864| [CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
8865| [CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
8866| [CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
8867| [CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
8868| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
8869| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
| [CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
| [CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
| [CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
| [CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
| [CVE-2011-1990] Microsoft Excel 2007 SP2
| [CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
| [CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
| [CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
| [CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
| [CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
| [CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
| [CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
| [CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
| [CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
| [CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
| [CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
| [CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
| [CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
| [CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
| [CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
| [CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
| [CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
| [CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
| [CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
| [CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
| [CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
| [CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
| [CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
| [CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
| [CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
| [CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
| [CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
| [CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
| [CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
| [CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
| [CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
| [CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
| [CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
| [CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
| [CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1275] Microsoft Excel 2002 SP3
| [CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
| [CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
| [CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
| [CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
| [CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
| [CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
| [CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
| [CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
| [CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
| [CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
8970| [CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8971| [CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8972| [CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8973| [CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8974| [CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8975| [CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8976| [CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8977| [CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8978| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
8979| [CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
8980| [CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
8981| [CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
8982| [CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
8983| [CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
8984| [CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
8985| [CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
8986| [CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
8987| [CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
8988| [CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
8989| [CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
8990| [CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
8991| [CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, doubly-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
8992| [CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
8993| [CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
8994| [CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
8995| [CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
8996| [CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
8997| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
8998| [CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
8999| [CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
9000| [CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
9001| [CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
9002| [CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
9003| [CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
9004| [CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
9005| [CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
9006| [CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
9007| [CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
9008| [CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
9009| [CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
9010| [CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
9011| [CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
9012| [CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
9013| [CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
9014| [CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
9015| [CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
9016| [CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
9017| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
9018| [CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
9019| [CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
9020| [CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
9021| [CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
9022| [CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
9023| [CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
9024| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
9025| [CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
9026| [CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
9027| [CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
9028| [CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
9029| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
9030| [CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
9031| [CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
9032| [CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
9033| [CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
9034| [CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
9035| [CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
9036| [CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
9037| [CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
9038| [CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
9039| [CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
9040| [CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
9041| [CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
9042| [CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
9043| [CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
| [CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
| [CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
| [CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
| [CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
| [CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
| [CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
| [CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
| [CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
| [CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
| [CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
| [CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
| [CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
| [CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
| [CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
| [CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
| [CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
| [CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
| [CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
| [CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
| [CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
| [CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
| [CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
| [CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
| [CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
| [CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
| [CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
| [CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
| [CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
| [CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
| [CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
| [CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
| [CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
| [CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
| [CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
| [CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
| [CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
| [CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
| [CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
| [CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
| [CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
| [CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
| [CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
| [CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
| [CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
| [CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
| [CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
| [CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
| [CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
| [CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
| [CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
| [CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
| [CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
| [CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
| [CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
| [CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
| [CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
| [CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
| [CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
| [CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
| [CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
| [CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
| [CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
| [CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
| [CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
| [CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
| [CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
| [CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
| [CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
| [CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
| [CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
| [CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
| [CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
| [CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
| [CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
| [CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
| [CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
| [CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
| [CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
| [CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
| [CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
| [CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
| [CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
| [CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
| [CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
| [CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
| [CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
| [CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
| [CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
| [CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
| [CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
| [CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
| [CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
| [CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
| [CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
| [CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
| [CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
9154| [CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
9155| [CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
9156| [CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
9157| [CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
9158| [CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
9159| [CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
9160| [CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
9161| [CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
9162| [CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
9163| [CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
9164| [CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
9165| [CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
9166| [CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
9167| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
9168| [CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
9169| [CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
9170| [CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
9171| [CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
9172| [CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
9173| [CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
9174| [CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
9175| [CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
9176| [CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
9177| [CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
9178| [CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
9179| [CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
9180| [CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
9181| [CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
9182| [CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
9183| [CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
9184| [CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
9185| [CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
9186| [CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
9187| [CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
9188| [CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
9189| [CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
9190| [CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
9191| [CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
9192| [CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
9193| [CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
9194| [CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
9195| [CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
9196| [CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
9197| [CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
9198| [CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
9199| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
9200| [CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
9201| [CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
9202| [CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
9203| [CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
9204| [CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
9205| [CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
9206| [CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
9207| [CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
9208| [CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
9209| [CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
9210| [CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
9211| [CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
9212| [CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
9213| [CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
9214| [CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
9215| [CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
9216| [CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
9217| [CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
9218| [CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
9219| [CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
9220| [CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
9221| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
9222| [CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
9223| [CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
9224| [CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
9225| [CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
9226| [CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
9227| [CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
9228| [CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
9229| [CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
9230| [CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
9231| [CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
9232| [CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
9233| [CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
9234| [CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
9235| [CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
9236| [CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
9237| [CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
9238| [CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
9239| [CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
9240| [CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
9241| [CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
9242| [CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
9243| [CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
9244| [CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
9245| [CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
9246| [CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
9247| [CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
9248| [CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
9249| [CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
9250| [CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
9251| [CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
9252| [CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
9253| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
9254| [CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
9255| [CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
9256| [CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
9257| [CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
9258| [CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
9259| [CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
9260| [CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
9261| [CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
9262| [CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
9263| [CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
9264| [CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
9265| [CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
9266| [CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
9267| [CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
9268| [CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
9269| [CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
9270| [CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
9271| [CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
9272| [CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3
9273| [CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
9274| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
9275| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
9276| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
9277| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
9278| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
9279| [CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
9280| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
9281| [CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
9282| [CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
9283| [CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
9284| [CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1
9285| [CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
9286| [CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
9287| [CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
9288| [CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
9289| [CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
9290| [CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
9291| [CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
9292| [CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
9293| [CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
9294| [CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
9295| [CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
9296| [CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
9297| [CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
9298| [CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
9299| [CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
9300| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
9301| [CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
9302| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
9303| [CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
9304| [CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
9305| [CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
9306| [CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
9307| [CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
9308| [CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
9309| [CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
9310| [CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
9311| [CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2
9312| [CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
9313| [CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
9314| [CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
9315| [CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
9316| [CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
9317| [CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
9318| [CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
9319| [CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
9320| [CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
9321| [CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
9322| [CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
9323| [CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
9324| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
9325| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
9326| [CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1
9327| [CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
9328| [CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
9329| [CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2
9330| [CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
9331| [CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
9332| [CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
9333| [CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
9334| [CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
9335| [CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
9336| [CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
9337| [CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
9338| [CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
9339| [CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
9340| [CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
9341| [CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
9342| [CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
9343| [CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
9344| [CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
9345| [CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
9346| [CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
9347| [CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
9348| [CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
9349| [CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
9350| [CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
9351| [CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
9352| [CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
9353| [CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
9354| [CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
9355| [CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
9356| [CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
9357| [CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
9358| [CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
9359| [CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
9360| [CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
9361| [CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
9362| [CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
9363| [CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
9364| [CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
9365| [CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
9366| [CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
9367| [CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
9368| [CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
9369| [CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
9370| [CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
9371| [CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
9372| [CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
9373| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
9374| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
9375| [CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
9376| [CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
9377| [CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
9378| [CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
9379| [CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
9380| [CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
9381| [CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
9382| [CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
9383| [CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
9384| [CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
9385| [CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
9386| [CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
9387| [CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
9388| [CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
9389| [CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
9390| [CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
9391| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
9392| [CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
9393| [CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
9394| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
9395| [CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
9396| [CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
9397| [CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
9398| [CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
9399| [CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
9400| [CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
9401| [CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
9402| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
9403| [CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
9404| [CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
9405| [CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3
9406| [CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
9407| [CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
9408| [CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
9409| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
9410| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
9411| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
9412| [CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
9413| [CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
9414| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
9415| [CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
9416| [CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
9417| [CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
9418| [CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
9419| [CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
9420| [CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
9421| [CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
9422| [CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
9423| [CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
9424| [CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
9425| [CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."
9426| [CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
9427| [CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
9428| [CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
9429| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
9430| [CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
9431| [CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
9432| [CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
9433| [CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
9434| [CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
9435| [CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
9436| [CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
9437| [CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
9438| [CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
9439| [CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
9440| [CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
9441| [CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
9442| [CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
9443| [CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
9444| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
9445| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
9446| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
9447| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
9448| [CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
9449| [CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
9450| [CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
9451| [CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
9452| [CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
9453| [CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
9454| [CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
9455| [CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
9456| [CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
9457| [CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
9458| [CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
9459| [CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
9460| [CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
9461| [CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
9462| [CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
9463| [CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
9464| [CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
9465| [CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
9466| [CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
9467| [CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
9468| [CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
9469| [CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
9470| [CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
9471| [CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
9472| [CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
9473| [CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
9474| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
9475| [CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
9476| [CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
9477| [CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
9478| [CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
9479| [CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
9480| [CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
9481| [CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
9482| [CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
9483| [CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
9484| [CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
9485| [CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
9486| [CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
9487| [CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
9488| [CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
9489| [CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
9490| [CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
9491| [CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
9492| [CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
9493| [CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
9494| [CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
9495| [CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
9496| [CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
9497| [CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
9498| [CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
9499| [CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
9500| [CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and SP3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
9501| [CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
9502| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
9503| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
9504| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
9505| [CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
9506| [CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
9507| [CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
9508| [CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
9509| [CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
9510| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
9511| [CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
9512| [CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
9513| [CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
9514| [CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
9515| [CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
9516| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
9517| [CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
9518| [CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
9519| [CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
9520| [CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
9521| [CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
9522| [CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
9523| [CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
9524| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
9525| [CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
9526| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
9527| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
9528| [CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
9529| [CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
9530| [CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
9531| [CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
9532| [CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
9533| [CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
9534| [CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
9535| [CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
9536| [CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
9537| [CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
9538| [CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
9539| [CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
9540| [CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
9541| [CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
9542| [CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
9543| [CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
9544| [CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
9545| [CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
9546| [CVE-2007-2966] Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
9547| [CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
9548| [CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
9549| [CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
9550| [CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
9551| [CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
9552| [CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
9553| [CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
9554| [CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
9555| [CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
9556| [CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
9557| [CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
9558| [CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
9559| [CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
9560| [CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
9561| [CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
9562| [CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
9563| [CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
9564| [CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
9565| [CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
9566| [CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
9567| [CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
9568| [CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
9569| [CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
9570| [CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
9571| [CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
9572| [CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
9573| [CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
9574| [CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
9575| [CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
9576| [CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
9577| [CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
9578| [CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
9579| [CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
9580| [CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
9581| [CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
9582| [CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
9583| [CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
9584| [CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
9585| [CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
9586| [CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
9587| [CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
9588| [CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
9589| [CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
9590| [CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
9591| [CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
9592| [CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
9593| [CVE-2007-0913] Unspecified vulnerability in Microsoft PowerPoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
9594| [CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
9595| [CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
9596| [CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
9597| [CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
9598| [CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
9599| [CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
9600| [CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
9601| [CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
9602| [CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
9603| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
9604| [CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
9605| [CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
9606| [CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
9607| [CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
9608| [CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
9609| [CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
9610| [CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
9611| [CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
9612| [CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual Basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
9613| [CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
9614| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
9615| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
9616| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
9617| [CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
9618| [CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
9619| [CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
9620| [CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
9621| [CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
9622| [CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
9623| [CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
9624| [CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
9625| [CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
9626| [CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
9627| [CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
9628| [CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
9629| [CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
9630| [CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
9631| [CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
9632| [CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
9633| [CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
9634| [CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
9635| [CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
9636| [CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
9637| [CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
9638| [CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
9639| [CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
9640| [CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
9641| [CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
9642| [CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
9643| [CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
9644| [CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
9645| [CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
9646| [CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
9647| [CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
9648| [CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
9649| [CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
9650| [CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
9651| [CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
9652| [CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
9653| [CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
9654| [CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
9655| [CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
9656| [CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
9657| [CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
9658| [CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
9659| [CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
9660| [CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
9661| [CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
9662| [CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
9663| [CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
9664| [CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
9665| [CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
9666| [CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
9667| [CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
9668| [CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
9669| [CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
9670| [CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
9671| [CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
9672| [CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
9673| [CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
9674| [CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
9675| [CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
9676| [CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
9677| [CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
9678| [CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
9679| [CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
9680| [CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
9681| [CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
9682| [CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
9683| [CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
9684| [CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
9685| [CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
9686| [CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
9687| [CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
9688| [CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
9689| [CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
9690| [CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
9691| [CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
9692| [CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
9693| [CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
9694| [CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
9695| [CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
9696| [CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
9697| [CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
9698| [CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
9699| [CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
9700| [CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
9701| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
9702| [CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
9703| [CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
9704| [CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
9705| [CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
9706| [CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
9707| [CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
9708| [CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
9709| [CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
9710| [CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
9711| [CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
9712| [CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and SP2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
9713| [CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
9714| [CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
9715| [CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
9716| [CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
9717| [CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
9718| [CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
9719| [CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
9720| [CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
9721| [CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
9722| [CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
9723| [CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
9724| [CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
9725| [CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
9726| [CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that trigger memory corruption and bypass size restrictions on second-class Mailslot messages.
9727| [CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
9728| [CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
9729| [CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
9730| [CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
9731| [CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
9732| [CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
9733| [CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
9734| [CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
9735| [CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
9736| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
9737| [CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
9738| [CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
9739| [CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
9740| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
9741| [CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
9742| [CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
9743| [CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
9744| [CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
9745| [CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
9746| [CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
9747| [CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
9748| [CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
9749| [CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
9750| [CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
9751| [CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
9752| [CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
9753| [CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
9754| [CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
9755| [CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
9756| [CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
9757| [CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
9758| [CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
9759| [CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
9760| [CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
9761| [CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
9762| [CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
9763| [CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
9764| [CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
9765| [CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
9766| [CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
9767| [CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
9768| [CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
9769| [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
9770| [CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
9771| [CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
9772| [CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
9773| [CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
9774| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
9775| [CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
9776| [CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
9777| [CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
9778| [CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
9779| [CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
9780| [CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
9781| [CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
9782| [CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
9783| [CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
9784| [CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
9785| [CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
9786| [CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
9787| [CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
9788| [CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
9789| [CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
9790| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
9791| [CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
9792| [CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
9793| [CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
9794| [CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
9795| [CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
9796| [CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
9797| [CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
9798| [CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
9799| [CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
9800| [CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
9801| [CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
9802| [CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
9803| [CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
9804| [CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
9805| [CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
9806| [CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
9807| [CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
9808| [CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
9809| [CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
9810| [CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
9811| [CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
9812| [CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.
9813| [CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
9814| [CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
9815| [CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
9816| [CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
9817| [CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
9818| [CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
9819| [CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
9820| [CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
9821| [CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
9822| [CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
9823| [CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
9824| [CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
9825| [CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
9826| [CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
9827| [CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
9828| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
9829| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
9830| [CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
9831| [CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
9832| [CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
9833| [CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, Windows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
9834| [CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
9835| [CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
9836| [CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
9837| [CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
9838| [CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWindowLongPtr API functions.
9839| [CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
9840| [CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
9841| [CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
9842| [CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
9843| [CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
9844| [CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
9845| [CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
9846| [CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
9847| [CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
9848| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
9849| [CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
9850| [CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
9851| [CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
9852| [CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
9853| [CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
9854| [CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
9855| [CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
9856| [CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
9857| [CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
9858| [CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
9859| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
9860| [CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
9861| [CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
9862| [CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
9863| [CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
9864| [CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
9865| [CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
9866| [CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
9867| [CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers to execute arbitrary code without user approval.
9868| [CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
9869| [CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
9870| [CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
9871| [CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
9872| [CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
9873| [CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
9874| [CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
9875| [CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
9876| [CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
9877| [CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
9878| [CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
9879| [CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
9880| [CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
9881| [CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
9882| [CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
9883| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
9884| [CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
9885| [CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
9886| [CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
9887| [CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
9888| [CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
9889| [CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
9890| [CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
9891| [CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
9892| [CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
9893| [CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
9894| [CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
9895| [CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
9896| [CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
9897| [CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
9898| [CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
9899| [CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
9900| [CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
9901| [CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
9902| [CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
9903| [CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
9904| [CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
9905| [CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
9906| [CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
9907| [CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
9908| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
9909| [CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
9910| [CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
9911| [CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary code via a long File parameter.
9912| [CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
9913| [CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
9914| [CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
9915| [CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
9916| [CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
9917| [CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
9918| [CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
9919| [CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
9920| [CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
9921| [CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
9922| [CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
9923| [CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
9924| [CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
9925| [CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
9926| [CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
9927| [CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
9928| [CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
9929| [CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
9930| [CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
9931| [CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
9932| [CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
9933| [CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
9934| [CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
9935| [CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
9936| [CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
9937| [CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
9938| [CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
9939| [CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
9940| [CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
9941| [CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
9942| [CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
9943| [CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
9944| [CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
9945| [CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
9946| [CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
9947| [CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
9948| [CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
9949| [CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
9950| [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
9951| [CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
9952| [CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
9953| [CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
9954| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
9955| [CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
9956| [CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
9957| [CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
9958| [CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
9959| [CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
9960| [CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain.
9961| [CVE-2001-1533] ** DISPUTED ** Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
9962| [CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
9963| [CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
9964| [CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
9965| [CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
9966| [CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
9967| [CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
9968| [CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
9969| [CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
9970| [CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
9971| [CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
9972| [CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
9973| [CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
9974| [CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
9975| [CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
9976| [CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
9977| [CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
9978| [CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
9979| [CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
9980| [CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
9981| [CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
9982| [CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
9983| [CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
9984| [CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
9985| [CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
9986| [CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
9987| [CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
9988| [CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
9989| [CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
9990| [CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
9991| [CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
9992| [CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
9993| [CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
9994| [CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
9995| [CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
9996| [CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
9997| [CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
9998| [CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
9999| [CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
10000| [CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
10001| [CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
10002| [CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
10003| [CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
10004| [CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
10005| [CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
10006| [CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
10007| [CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
10008| [CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
10009| [CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
10010| [CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
10011| [CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
10012| [CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
10013| [CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
10014| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
10015| [CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
10016| [CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
10017| [CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
10018| [CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
10019| [CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
10020| [CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
10021| [CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
10022| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
10023| [CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
10024| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
10025| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
10026| [CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
10027| [CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
10028| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
10029| [CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
10030| [CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
10031| [CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
10032| [CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
10033| [CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
10034| [CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
10035| [CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
10036| [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
10037| [CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
10038| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
10039| [CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
10040| [CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
10041| [CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
10042| [CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
10043| [CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
10044| [CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
10045| [CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
10046| [CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
10047| [CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
10048| [CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
10049| [CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
10050| [CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
10051| [CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
10052| [CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
10053| [CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
10054| [CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
10055| [CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
10056| [CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
10057| [CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
10058| [CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
10059| [CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
10060| [CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
10061| [CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
10062| [CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
10063| [CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
10064| [CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
10065| [CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
10066| [CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
10067| [CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
10068| [CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
10069| [CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
10070| [CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
10071| [CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
10072| [CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
10073| [CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
10074| [CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
10075| [CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
10076| [CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
10077| [CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
10078| [CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
10079| [CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
10080| [CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
10081| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
10082| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
10083| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
10084| [CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
10085| [CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
10086| [CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
10087| [CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
10088| [CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
10089| [CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
10090| [CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
10091| [CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
10092| [CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
10093| [CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
10094| [CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
10095| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
10096| [CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
10097| [CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
10098| [CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
10099| [CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
10100| [CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
10101| [CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
10102| [CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
10103| [CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
10104| [CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
10105| [CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
10106| [CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
10107| [CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
10108| [CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
10109| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
10110| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
10111| [CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
10112| [CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
10113| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
10114| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
10115| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
10116| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
10117| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
10118| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
10119| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
10120| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
10121| [CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
10122| [CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
10123| [CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
10124| [CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
10125| [CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
10126| [CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
10127| [CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
10128| [CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
10129| [CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
10130| [CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
10131| [CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchangem, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
10132| [CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
10133| [CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters.
10134| [CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
10135| [CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
10136| [CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
10137| [CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
10138| [CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
10139| [CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
10140| [CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
10141| [CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
10142| [CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
10143| [CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
10144| [CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
10145| [CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
10146| [CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
10147| [CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
10148| [CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
10149|
10150| SecurityFocus - https://www.securityfocus.com/bid/:
10151| [83154] Microsoft Windows 2000 Server CVE-2004-0540 Remote Security Vulnerability
10152| [45297] Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
10153| [43419] Microsoft Excel 2002 Memory Corruption Vulnerability
10154| [43189] Microsoft Visual C++ 2008 Redistributable Package DLL Loading Arbitrary Code Execution Vulnerability
10155| [42742] Microsoft PowerPoint 2007 Multiple DLL Loading Arbitrary Code Execution Vulnerability
10156| [42695] Microsoft Groove 2007 'mso.dll' DLL Loading Arbitrary Code Execution Vulnerability
10157| [42681] Microsoft Visio 2003 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
10158| [41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
10159| [39776] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
10160| [37196] RETIRED: Microsoft December 2009 Advance Notification Multiple Vulnerabilities
10161| [36940] RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
10162| [36633] RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
10163| [36239] RETIRED: Microsoft September 2009 Advance Notification Multiple Vulnerabilities
10164| [35974] RETIRED: Microsoft August 2009 Advance Notification Multiple Vulnerabilities
10165| [35617] RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
10166| [35213] RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
10167| [34867] RETIRED: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
10168| [34532] Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
10169| [34469] Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
10170| [34450] RETIRED: Microsoft April 2009 Advance Notification Multiple Vulnerabilities
10171| [34005] RETIRED: Microsoft March 2009 Advance Notification Multiple Vulnerabilities
10172| [33639] RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
10173| [33170] RETIRED: Microsoft January 2009 Advance Notification Multiple Vulnerabilities
10174| [32632] RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
10175| [32153] Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
10176| [31667] Retired: Microsoft October 2008 Advance Notification Multiple Vulnerabilities
10177| [31129] RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
10178| [31014] RETIRED: Microsoft September 2008 Advance Notification Multiple Vulnerabilities
10179| [30593] RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
10180| [30075] RETIRED: Microsoft July 2008 Advance Notification Multiple Vulnerabilities
10181| [29576] RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
10182| [29108] RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
10183| [28598] RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
10184| [28124] Retired: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
10185| [27674] RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
10186| [27119] RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
10187| [26739] RETIRED: Microsoft December 2007 Advance Notification Multiple Vulnerabilities
10188| [26414] Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
10189| [26380] Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
10190| [25991] RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
10191| [25922] RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
10192| [25573] RETIRED: Microsoft September 2007 Advance Notification Multiple Vulnerabilities
10193| [25247] Retired: Microsoft August 2007 Advance Notification Multiple Vulnerabilities
10194| [24771] Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
10195| [24366] RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
10196| [24118] Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
10197| [23800] RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
10198| [23380] Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
10199| [23335] RETIRED: Microsoft April 2007 Advance Notification Multiple Vulnerabilities
10200| [22716] Microsoft Office 2003 Denial of Service Vulnerability
10201| [22567] Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
10202| [22328] RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
10203| [22225] Microsoft Word 2000 Malformed Function Code Execution Vulnerability
10204| [21611] Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
10205| [21495] Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
10206| [20843] Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
10207| [19636] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
10208| [19388] Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
10209| [17134] Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
10210| [16634] Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
10211| [14772] Microsoft Exchange Server 2003 Exchange Information Store Denial Of Service Vulnerability
10212| [14093] Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
10213| [13564] Microsoft SQL Server 2000 Multiple Vulnerabilities
10214| [13008] Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability
10215| [12972] Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed
10216| [12913] Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
10217| [12824] Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
10218| [12641] Microsoft Windows 2000 Group Policy Bypass Vulnerability
10219| [12141] Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
10220| [11820] Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
10221| [11446] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
10222| [11387] Microsoft Windows 2003 Services Default SACL Access Right Weakness
10223| [10901] Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability
10224| [10693] Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
10225| [10484] Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability
10226| [10480] Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability
10227| [10440] Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness
10228| [10369] Microsoft Outlook 2003 Media File Script Execution Vulnerability
10229| [10307] Microsoft Outlook 2003 Predictable File Location Weakness
10230| [10114] Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
10231| [9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
10232| [9408] Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
10233| [9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
10234| [8833] Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
10235| [8522] Multiple Microsoft Windows 2003 Stack Protection Implementation Weaknesses
10236| [8397] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
10237| [8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
10238| [8098] Microsoft Windows 2000 Terminal Services Named Pipe System Account Access Vulnerability
10239| [8093] Microsoft Windows 2000 Active Directory Forest Origin Validation Vulnerability
10240| [8090] Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability
10241| [8089] Microsoft Windows 2000 Unspecified Cryptnet.DLL Memory Leakage Vulnerability
10242| [8086] Microsoft Windows 2000 Port Name Buffers Potential Buffer Overflow Vulnerability
10243| [8085] Microsoft Windows 2000 ModifyDN Request Denial of Service Vulnerability
10244| [8083] Microsoft Windows 2000 Domain Controller Spoofing Vulnerability
10245| [8081] Microsoft Windows 2000 USBH_IoctlGetNodeConnectionDriverKeyName Information Disclosure Vulnerability
10246| [8063] Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
10247| [8045] Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
10248| [7930] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
10249| [7788] Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability
10250| [7469] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
10251| [7360] Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
10252| [7102] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
10253| [6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
10254| [6766] Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
10255| [6667] Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability
10256| [6319] Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability
10257| [6030] Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
10258| [5972] Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
10259| [5922] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
10260| [5480] Microsoft Windows 2000 Network Connection Manager Privilege Elevation Vulnerability
10261| [5422] Microsoft Content Management Server 2001 SQL Injection Vulnerability
10262| [5421] Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
10263| [5420] Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
10264| [5415] Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
10265| [5413] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
10266| [5412] Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
10267| [5312] Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
10268| [5311] Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
10269| [5310] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
10270| [5309] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
10271| [5307] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
10272| [5253] Microsoft Windows 2000 Narrator Password Disclosure Vulnerability
10273| [5205] Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
10274| [5111] Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability
10275| [5014] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
10276| [4881] Microsoft Exchange 2000 Malformed Mail Attribute DoS Vulnerability
10277| [4853] Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability
10278| [4852] Microsoft Windows 2000 Remote Access Service Buffer Overflow Vulnerability
10279| [4847] Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
10280| [4797] Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
10281| [4683] Microsoft Windows 2000 / NT Path Precedence Vulnerability
10282| [4532] Microsoft Windows 2000 Lanman Denial of Service Vulnerability
10283| [4438] Microsoft Windows 2000 Group Policy Evasion Vulnerability
10284| [4426] Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability
10285| [4287] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
10286| [4256] Microsoft Windows 2000 Password Policy Bypass Vulnerability
10287| [4157] Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability
10288| [4095] Microsoft Windows 2000 Server Terminal Services Failure To Lock Terminal Vulnerability
10289| [3652] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
10290| [3481] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
10291| [3479] Microsoft Windows 2000 NTFS With Macintosh Client Directory Permission Vulnerability
10292| [3445] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
10293| [3339] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
10294| [3305] Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability
10295| [3291] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
10296| [3215] Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability
10297| [3185] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
10298| [3184] Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability
10299| [3146] Microsoft Windows 2000 System File Replacement Vulnerability
10300| [3115] Microsoft Windows NT and 2000 Command Prompt Reboot Vulnerability
10301| [3063] Microsoft Windows 2000 Unauthorized Password Change Vulnerability
10302| [3033] Microsoft Windows 2000 Task Manager Process Termination Vulnerability
10303| [2988] Microsoft Windows 2000 SMTP Improper Authentication Vulnerability
10304| [2929] Microsoft Windows 2000 LDAP SSL Password Modification Vulnerability
10305| [2849] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
10306| [2846] Microsoft Windows 2000 Telnet System Call DoS Vulnerability
10307| [2844] Microsoft Windows 2000 Telnet Service DoS Vulnerability
10308| [2843] Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability
10309| [2838] Microsoft Windows 2000 Telnet Username DoS Vulnerability
10310| [2460] Microsoft Windows 2000 Event Viewer Buffer Overflow Vulnerability
10311| [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
10312| [2394] Microsoft Windows 2000 Domain Controller DoS Vulnerability
10313| [2341] Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
10314| [2326] Microsoft Windows 2000 RDP DoS Vulnerability
10315| [2133] Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability
10316| [2066] Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability
10317| [2018] Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
10318| [2007] Microsoft Windows 2000 DNS Memory Leak Vulnerability
10319| [1973] Microsoft Windows 2000 Domain Account Lockout Bypass Vulnerability
10320| [1958] Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
10321| [1933] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
10322| [1899] Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability
10323| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
10324| [1758] Microsoft Windows 2000 Unattended Install OEMPreinstall Vulnerability
10325| [1753] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
10326| [1748] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
10327| [1745] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
10328| [1729] Microsoft Windows 2000 Simplified Chinese IME Vulnerability
10329| [1695] Microsoft Proxy 2.0 FTP Permissions Bypass Vulnerability
10330| [1692] Microsoft Proxy 2.0 Internal Network Access Vulnerability
10331| [1683] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
10332| [1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
10333| [1651] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
10334| [1632] Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
10335| [1620] Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability
10336| [1613] Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
10337| [1566] Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability
10338| [1561] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow Vulnerability
10339| [1535] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
10340| [1507] Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability
10341| [1451] Microsoft Excel 97 / 2000 Register.ID Vulnerability
10342| [1435] Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability
10343| [1415] Microsoft Windows 2000 Remote CPU-overload Vulnerability
10344| [1414] Microsoft Windows 2000 Telnet Server DoS Vulnerability
10345| [1399] Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
10346| [1398] Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
10347| [1350] Microsoft Windows 2000 Windows Station Access Vulnerability
10348| [1304] Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
10349| [1301] Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
10350| [1295] Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
10351| [1198] Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability
10352| [1197] Microsoft Office 2000 UA Control Vulnerability
10353| [990] Microsoft Windows 2000 Install Unprotected ADMIN$ Share Vulnerability
10354| [945] Microsoft SMS 2.0 Default Permissions Vulnerability
10355| [539] Microsoft Windows 2000 EFS Vulnerability
10356| [180] Microsoft Windows April Fools 2001 Vulnerability
10357| [71487] Microsoft December 2014 Advance Notification Multiple Vulnerabilities
10358| [70966] RETIRED: Microsoft November 2014 Advance Notification Multiple Vulnerabilities
10359| [70367] RETIRED: Microsoft October 2014 Advance Notification Multiple Vulnerabilities
10360| [69636] RETIRED: Microsoft September 2014 Advance Notification Multiple Vulnerabilities
10361| [69108] Microsoft August 2014 Advance Notification Multiple Vulnerabilities
10362| [68367] Microsoft July 2014 Advance Notification Multiple Vulnerabilities
10363| [67905] Microsoft June 2014 Advance Notification Multiple Vulnerabilities
10364| [67298] Microsoft May 2014 Advance Notification Multiple Vulnerabilities
10365| [66639] RETIRED: Microsoft April 2014 Advance Notification Multiple Vulnerabilities
10366| [66016] Microsoft March 2014 Notification Multiple Vulnerabilities
10367| [65426] Microsoft February 2014 Notification Multiple Vulnerabilities
10368| [64757] RETIRED: Microsoft January 2014 Advance Notification Multiple Vulnerabilities
10369| [64083] RETIRED: Microsoft December 2013 Advance Notification Multiple Vulnerabilities
10370| [63604] RETIRED: Microsoft November 2013 Advance Notification Multiple Vulnerabilities
10371| [62797] RETIRED: Microsoft October 2013 Advance Notification Multiple Vulnerabilities
10372| [62228] RETIRED: Microsoft September 2013 Advance Notification Multiple Vulnerabilities
10373| [62181] Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability
10374| [61686] Microsoft August 2013 Advance Notification Multiple Vulnerabilities
10375| [60960] RETIRED: Microsoft July 2013 Advance Notification Multiple Vulnerabilities
10376| [60394] Microsoft June 2013 Advance Notification Multiple Vulnerabilities
10377| [59785] RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities
10378| [58881] RETIRED: Microsoft April 2013 Advance Notification Multiple Vulnerabilities
10379| [58380] RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities
10380| [57846] RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities
10381| [57137] RETIRED: Microsoft January 2013 Advance Notification Multiple Vulnerabilities
10382| [56838] RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities
10383| [56450] RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
10384| [56304] Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
10385| [55794] RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities
10386| [55472] RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities
10387| [54944] RETIRED: Microsoft August 2012 Advance Notification Multiple Vulnerabilities
10388| [54318] RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities
10389| [53862] RETIRED: Microsoft June 2012 Advance Notification Multiple Vulnerabilities
10390| [53372] RETIRED: Microsoft May 2012 Advance Notification Multiple Vulnerabilities
10391| [52910] RETIRED: Microsoft April 2012 Advance Notification Multiple Vulnerabilities
10392| [52366] RETIRED: Microsoft March 2012 Advance Notification Multiple Vulnerabilities
10393| [51944] RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities
10394| [51289] RETIRED: Microsoft January 2012 Advance Notification Multiple Vulnerabilities
10395| [50980] RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities
10396| [50513] RETIRED: Microsoft November 2011 Advance Notification Multiple Vulnerabilities
10397| [49994] RETIRED: Microsoft October 2011 Advance Notification Multiple Vulnerabilities
10398| [49515] RETIRED: Microsoft September 2011 Advance Notification Multiple Vulnerabilities
10399| [49017] RETIRED: Microsoft August 2011 Advance Notification Multiple Vulnerabilities
10400| [48616] RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities
10401| [48235] Microsoft Lync Server 2010 'ReachJoin.aspx' Remote Command Injection Vulnerability
10402| [48193] RETIRED: Microsoft June 2011 Advance Notification Multiple Vulnerabilities
10403| [47725] RETIRED: Microsoft May 2011 Advance Notification Multiple Vulnerabilities
10404| [47255] RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities
10405| [46675] RETIRED: Microsoft March 2011 Advance Notification Multiple Vulnerabilities
10406| [46132] RETIRED: Microsoft February 2011 Advance Notification Multiple Vulnerabilities
10407| [45696] RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities
10408| [45307] RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities
10409| [44649] RETIRED: Microsoft November 2010 Advance Notification Multiple Vulnerabilities
10410| [43831] RETIRED: Microsoft October 2010 Advance Notification Multiple Vulnerabilities
10411| [43115] RETIRED: Microsoft September 2010 Advance Notification Multiple Vulnerabilities
10412| [42234] RETIRED: Microsoft August 2010 Advance Notification Multiple Vulnerabilities
10413| [41474] RETIRED: Microsoft July 2010 Advance Notification Multiple Vulnerabilities
10414| [40548] RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities
10415| [39961] RETIRED: Microsoft May 2010 Advance Notification Multiple Vulnerabilities
10416| [39313] RETIRED: Microsoft April 2010 Advance Notification Multiple Vulnerabilities
10417| [38540] RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
10418| [38096] RETIRED: Microsoft February 2010 Advance Notification Multiple Vulnerabilities
10419| [37887] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
10420| [37664] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
10421| [32642] Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
10422|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
| [82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
| [82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
| [81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
| [81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
| [81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
| [77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
| [75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
| [75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
| [75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
| [75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
| [75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
| [71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
| [71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
| [70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
| [70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
| [67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
| [67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
| [66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
| [66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
| [66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
| [66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
| [66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
| [66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
| [66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
| [66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
| [65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
| [65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
| [63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution
| [63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution
| [63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution
| [63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
| [63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
| [62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
| [62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
| [62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
| [53980] Microsoft Windows 2000 License Logging Server buffer overflow
| [53601] Microsoft Office 2008 for Mac user ID 502 security bypass
| [50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
| [50759] Microsoft Windows 2000 Active Directory LDAP code execution
| [48595] Microsoft Word 2007 Email as PDF information disclosure
| [46102] Microsoft Windows 2003 SP2 is not installed on the system
| [46101] Microsoft Windows 2003 SP1 is not installed on the system
| [45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow
| [37200] Microsoft SQL Server 2000 Service Pack 1 update is not installed
| [37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed
| [34634] Microsoft Windows Server 2003 Active Directory information disclosure
| [34599] Microsoft Windows Server 2003 terminal server security bypass
| [34473] Microsoft Office 2000 ActiveX control buffer overflow
| [33713] Microsoft Word 2007 multiple unspecified denial of service
| [33712] Microsoft Word 2007 wwlib.dll buffer overflow
| [32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed
| [31821] Microsoft Windows time zone update for year 2007
| [31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow
| [30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure
| [29546] Microsoft Windows 2000/2003 user logoff initiated
| [29545] Microsoft Windows 2000/2003 system time changed
| [29544] Microsoft Windows 2000/2003 system security access removed
| [29543] Microsoft Windows 2000/2003 security access granted
| [29542] Microsoft Windows 2000/2003 SAM notification package loaded
| [29541] Microsoft Windows 2000/2003 primary security token issued
| [29540] Microsoft Windows 2000/2003 user password reset successful
| [29539] Microsoft Windows 2000/2003 object indirectly accessed
| [29538] Microsoft Windows 2000/2003 object handle duplicated
| [29537] Microsoft Windows 2000/2003 logon with explicit credentials success
| [29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
| [29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
| [29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
| [29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
| [29532] Microsoft Windows 2000/2003 IKE security association established
| [29531] Microsoft Windows 2000/2003 IKE quick mode association ended
| [29530] Microsoft Windows 2000/2003 IKE main mode association ended
| [29529] Microsoft Windows 2000/2003 IKE association negotiation failed
| [29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
| [29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
| [29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
| [29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
| [29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
| [29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
| [29522] Microsoft Windows 2000/2003 administrative group security descriptor set
| [29521] Microsoft Windows 2000/2003 account name changed
| [29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service
| [28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
| [28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
| [26118] Microsoft Office 2003 mailto: information disclosure
| [25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass
| [24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
| [24473] Microsoft Windows 2000 event ID 565 not logged
| [24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
| [24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
| [24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
| [24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
| [24402] Microsoft Windows 2000 Terminal Service client IP not logged
| [24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
| [23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
| [22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed
| [22183] Microsoft Exchange Server 2003 public folder denial of service
| [21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
| [21315] Microsoft Outlook 2002 connector for Domino bypass restrictions
| [19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
| [19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
| [19727] Microsoft Windows 2000 GDI32.DLL denial of service
| [19629] Microsoft Exchange Server 2003 folder denial of service
| [17826] Microsoft Outlook 2003 CID security bypass
| [17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
| [17621] Microsoft Windows 2003 SMTP service code execution
| [17560] Microsoft Windows 2000 and XP GDI library denial of service
| [17521] Microsoft Windows 2000 Service Pack 4 is not installed
| [16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
| [16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
| [16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
| [16907] Microsoft Windows 2003 users with Create global objects privilege
| [16905] Microsoft Windows 2003 users or groups with Create global objects privilege
| [16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
| [16704] Microsoft Windows 2000 Media Player control code execution
| [16582] Microsoft Windows Server 2003 kernel CPU denial of service
| [16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
| [16570] Microsoft Windows 2003 Users with Create global objects privilege
| [16564] Microsoft Windows 2003 Groups with Create global objects privilege
| [16562] Microsoft Windows 2003 Groups with "
| [16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
| [16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
| [16520] Microsoft Windows 2003 Create global objects privilege
| [16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
| [16173] Microsoft Outlook 2003 OLE object bypass restricted security zone
| [16119] Microsoft Outlook 2000 URL spoofing
| [16104] Microsoft Outlook 2003 predictable file location could allow code execution
| [16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
| [15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
| [15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
| [15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
| [15414] Microsoft Outlook 2002 mailto URL allows execution of code
| [15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
| [15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
| [15038] Microsoft Windows 2000 Server Windows Media Services denial of service
| [15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
| [14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed
| [14167] Microsoft ISA Server 2000 H.323 filter buffer overflow
| [13426] Microsoft Windows 2000 and XP RPC race condition
| [13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
| [13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
| [13385] Microsoft Windows Server 2003 "
| [13211] Microsoft Windows 2000 and XP URG memory leak
| [13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
| [13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
| [12684] Microsoft Exchange Server OWA Outlook 2003 denial of service
| [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
| [12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
| [12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
| [12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
| [12489] Microsoft Windows 2000 Server Active Directory buffer overflow
| [12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
| [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
| [12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
| [11901] Microsoft BizTalk Server 2002 SQL injection
| [11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow
| [11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
| [11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
| [11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
| [11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
| [11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
| [11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
| [11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
| [11216] Microsoft Windows NT and 2000 command prompt denial of service
| [11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
| [11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails
| [10843] Microsoft Windows 2000 and XP SMB signing group policy modification
| [10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
| [10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
| [10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
| [10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
| [10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow
| [10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service
| [9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
| [9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
| [9779] Microsoft Windows 2000 weak system partition permissions
| [9752] Microsoft Windows 2000 Service Pack 3 is not installed
| [9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
| [9625] Microsoft Windows 2000 Narrator allows login information to be audible
| [9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank "
| [8867] Microsoft Windows 2000 LanMan denial of service
| [8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
| [8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
| [8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
| [8739] Microsoft Windows 2000 DCOM memory leak
| [8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail
| [8402] Microsoft Windows 2000 allows an attacker to bypass password policy
| [8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
| [8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges
| [8254] Microsoft Commerce Server 2000 AuthFilter ISAPI filter buffer overflow
| [8199] Microsoft Windows 2000 Terminal Services unlocked client
| [8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow
| [8092] Microsoft Exchange 2000 System Attendant sets incorrect registry permissions
| [8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden
| [8037] Microsoft Windows 2000 empty TCP packet denial of service
| [8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain
| [7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files
| [7667] Microsoft Windows 2000 IKE UDP packet flood denial of service
| [7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file
| [7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses
| [7533] Microsoft Windows 2000 RunAs service denial of service
| [7532] Microsoft Windows 2000 RunAs service allows local attacker to bypass pipe authentication
| [7531] Microsoft Windows 2000 RunAs service reveals sensitive information
| [7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service
| [7409] Microsoft Windows 2000 and Windows XP GDI denial of service
| [7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service
| [7008] Microsoft Windows 2000 IrDA device denial of service
| [6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service
| [6931] Microsoft Windows 2000 without Service Pack 2
| [6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process
| [6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service
| [6876] Microsoft Windows 2000 could allow an attacker to change network passwords
| [6803] Microsoft Windows 2000 SMTP service allows mail relaying
| [6745] Microsoft Windows 2000 LDAP function could allow domain user password change
| [6669] Microsoft Windows 2000 Telnet system call denial of service
| [6668] Microsoft Windows 2000 Telnet handle leak denial of service
| [6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service
| [6666] Microsoft Windows 2000 Telnet username denial of service
| [6665] Microsoft Windows 2000 Telnet service weak domain authentication
| [6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges
| [6652] Microsoft Exchange 2000 OWA script execution
| [6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges
| [6506] Microsoft Windows 2000 Server Kerberos denial of service
| [6443] Microsoft Windows 2000 catalog file could remove installed hotfixes
| [6160] Microsoft Windows 2000 event viewer buffer overflow
| [6136] Microsoft Windows 2000 domain controller denial of service
| [6035] Microsoft Windows 2000 Server RDP denial of service
| [5973] Microsoft Windows 2000 EFS allows local user to recover sensitive data
| [5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password
| [5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information
| [5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow
| [5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service
| [5585] Microsoft Windows 2000 brute force attack
| [5502] Microsoft Windows 2000 Indexing Services ixsso.query
| [5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow
| [5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow
| [5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition
| [5263] Microsoft Office 2000 executes .dll without users knowledge
| [5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness
| [5222] Microsoft Windows 2000 malformed RPC packet denial of service
| [5203] Microsoft Windows 2000 still image service
| [5171] Microsoft Windows 2000 Local Security Policy corruption
| [5080] Microsoft Office 2000 HTML object tag buffer overflow
| [5033] Microsoft Windows 2000 without Service Pack 1
| [5031] Microsoft Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges
| [5015] Microsoft Windows NT and 2000 executable path
| [4887] Microsoft Windows 2000 Kerberos ticket renewed
| [4886] Microsoft Windows 2000 logon session reconnected
| [4885] Microsoft Windows 2000 logon session disconnected
| [4882] Microsoft Windows 2000 Kerberos pre-authentication failed
| [4873] Microsoft Windows 2000 user account mapped for logon
| [4872] Microsoft Windows 2000 account logon failed
| [4871] Microsoft Windows 2000 account used for logon
| [4855] Microsoft Windows 2000 group type change
| [4842] Microsoft Internet Explorer and Microsoft Powerpoint 2000 ActiveX object execution
| [4841] Microsoft Internet Explorer and Microsoft Access 2000 VBA code execution
| [4823] Microsoft Windows 2000 Telnet server binary stream denial of service
| [4819] Microsoft Windows 2000 default SYSKEY configuration
| [4787] Microsoft Windows 2000 user account locked out
| [4786] Microsoft Windows 2000 computer account created
| [4785] Microsoft Windows 2000 computer account changed
| [4784] Microsoft Windows 2000 computer account deleted
| [4714] Microsoft Windows 2000 "
| [4589] Microsoft Windows 2000 protected store can be compromised by brute force attack
| [4278] Microsoft Windows 2000 unattended install does not secure All Users profile
| [4138] Microsoft Windows 2000 system file integrity feature is disabled
| [4086] Microsoft Windows 2000 may not start Jaz drives correctly
| [4085] Microsoft Windows 2000 non-Gregorial calendar error
| [4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats
| [4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML
| [4082] Microsoft Windows 2000 and Iomega parallel port drives display error
| [4080] Microsoft Windows 2000 AOL image support
| [4079] Microsoft Windows 2000 High Encryption Pack
| [3854] Microsoft Office 2000 security setting
| [1376] Microsoft Proxy 2.0 denial of service
| [86256] Microsoft Windows Knowledge Base Article 2876063 update is not installed
| [86097] Microsoft Windows Knowledge Base Article 2859537 update is not installed
| [86091] Microsoft Windows Knowledge Base Article 2868623 update is not installed
| [86089] Microsoft Windows Knowledge Base Article 2862772 update is not installed
| [86075] Microsoft Windows Knowledge Base Article 2850869 update is not installed
| [86073] Microsoft Windows Knowledge Base Article 2873872 update is not installed
| [86070] Microsoft Windows Knowledge Base Article 2849568 update is not installed
| [85245] Microsoft Windows Knowledge Base Article 2848295 update is not installed
| [85244] Microsoft Windows Knowledge Base Article 2847927 update is not installed
| [85243] Microsoft Windows Knowledge Base Article 2861561 update is not installed
| [85236] Microsoft Windows Knowledge Base Article 2850851 update is not installed
| [85227] Microsoft Windows Knowledge Base Article 2847883 update is not installed
| [85223] Microsoft Windows Knowledge Base Article 2846071 update is not installed
| [85205] Microsoft Windows Knowledge Base Article 2845187 update is not installed
| [84621] Microsoft Windows Knowledge Base Article 2845690 update is not installed
| [84619] Microsoft Windows Knowledge Base Article 2839894 update is not installed
| [84617] Microsoft Windows Knowledge Base Article 2839571 update is not installed
| [84615] Microsoft Windows Knowledge Base Article 2839229 update is not installed
| [84613] Microsoft Windows Knowledge Base Article 2838727 update is not installed
| [84156] Microsoft Windows Knowledge Base Article 2847204 update is not installed
| [83912] Microsoft Windows Knowledge Base Article 2829254 update is not installed
| [83910] Microsoft Windows Knowledge Base Article 2829530 update is not installed
| [83898] Microsoft Windows Knowledge Base Article 2830397 update is not installed
| [83886] Microsoft Windows Knowledge Base Article 2830399 update is not installed
| [83884] Microsoft Windows Knowledge Base Article 2834692 update is not installed
| [83882] Microsoft Windows Knowledge Base Article 2834695 update is not installed
| [83880] Microsoft Windows Knowledge Base Article 2836440 update is not installed
| [83876] Microsoft Windows Knowledge Base Article 2840221 update is not installed
| [83192] Microsoft Windows Knowledge Base Article 2817183 update is not installed
| [83100] Microsoft Windows Knowledge Base Article 2830914 update is not installed
| [83098] Microsoft Windows Knowledge Base Article 2829996 update is not installed
| [83093] Microsoft Windows Knowledge Base Article 2828223 update is not installed
| [83091] Microsoft Windows Knowledge Base Article 2813170 update is not installed
| [83088] Microsoft Windows Knowledge Base Article 2827663 update is not installed
| [83086] Microsoft Windows Knowledge Base Article 2823482 update is not installed
| [83084] Microsoft Windows Knowledge Base Article 2821818 update is not installed
| [83082] Microsoft Windows Knowledge Base Article 2820917 update is not installed
| [82600] Microsoft Windows Knowledge Base Article 2813707 update is not installed
| [82424] Microsoft Windows Knowledge Base Article 2814124 update is not installed
| [82422] Microsoft Windows Knowledge Base Article 2780176 update is not installed
| [82401] Microsoft Windows Knowledge Base Article 2813682 update is not installed
| [82399] Microsoft Windows Knowledge Base Article 2816264 update is not installed
| [81683] Microsoft Windows Knowledge Base Article 2780091 update is not installed
| [81681] Microsoft Windows Knowledge Base Article 2784242 update is not installed
| [81680] Microsoft Windows Knowledge Base Article 2790113 update is not installed
| [81678] Microsoft Windows Knowledge Base Article 2790655 update is not installed
| [81676] Microsoft Windows Knowledge Base Article 2790978 update is not installed
| [81674] Microsoft Windows Knowledge Base Article 2797052 update is not installed
| [81672] Microsoft Windows Knowledge Base Article 2799494 update is not installed
| [81666] Microsoft Windows Knowledge Base Article 2778344 update is not installed
| [81634] Microsoft Windows Knowledge Base Article 2792100 update is not installed
| [81339] Microsoft Windows Knowledge Base Article 2799329 update is not installed
| [80875] Microsoft Windows Knowledge Base Article 2756145 update is not installed
| [80872] Microsoft Windows Knowledge Base Article 2769324 update is not installed
| [80867] Microsoft Windows Knowledge Base Article 2769327 update is not installed
| [80865] Microsoft Windows Knowledge Base Article 2769369 update is not installed
| [80863] Microsoft Windows Knowledge Base Article 2778930 update is not installed
| [80861] Microsoft Windows Knowledge Base Article 2785220 update is not installed
| [80365] Microsoft Windows Knowledge Base Article 2761465 update is not installed
| [80360] Microsoft Windows Knowledge Base Article 2765809 update is not installed
| [80358] Microsoft Windows Knowledge Base Article 2770660 update is not installed
| [80356] Microsoft Windows Knowledge Base Article 2780642 update is not installed
| [80352] Microsoft Windows Knowledge Base Article 2783534 update is not installed
| [80349] Microsoft Windows Knowledge Base Article 2784126 update is not installed
| [79693] Microsoft Windows Knowledge Base Article 2745030 update is not installed
| [79687] Microsoft Windows Knowledge Base Article 2761451 update is not installed
| [79683] Microsoft Windows Knowledge Base Article 2761226 update is not installed
| [79679] Microsoft Windows Knowledge Base Article 2758857 update is not installed
| [79677] Microsoft Windows Knowledge Base Article 2727528 update is not installed
| [78864] Microsoft Windows Knowledge Base Article 2754670 update is not installed
| [78862] Microsoft Windows Knowledge Base Article 2743555 update is not installed
| [78858] Microsoft Windows Knowledge Base Article 2754849 update is not installed
| [78856] Microsoft Windows Knowledge Base Article 2724197 update is not installed
| [78853] Microsoft Windows Knowledge Base Article 2741517 update is not installed
| [78851] Microsoft Windows Knowledge Base Article 2742319 update is not installed
| [78848] Microsoft Windows Knowledge Base Article 2742321 update is not installed
| [78760] Microsoft Windows Knowledge Base Article 2744842 update is not installed
| [78077] Microsoft Windows Knowledge Base Article 2741528 update is not installed
| [78075] Microsoft Windows Knowledge Base Article 2720184 update is not installed
| [78071] Microsoft Windows Knowledge Base Article 2748552 update is not installed
| [77512] Microsoft Windows Knowledge Base Article 2740358 update is not installed
| [77362] Microsoft Windows Knowledge Base Article 2733918 update is not installed
| [77360] Microsoft Windows Knowledge Base Article 2733829 update is not installed
| [77357] Microsoft Windows Knowledge Base Article 2733594 update is not installed
| [77352] Microsoft Windows Knowledge Base Article 2731879 update is not installed
| [77350] Microsoft Windows Knowledge Base Article 2731847 update is not installed
| [77348] Microsoft Windows Knowledge Base Article 2723135 update is not installed
| [77346] Microsoft Windows Knowledge Base Article 2722913 update is not installed
| [77342] Microsoft Windows Knowledge Base Article 2720573 update is not installed
| [77325] Microsoft Windows Knowledge Base Article 2719584 update is not installed
| [76808] Microsoft Windows Knowledge Base Article 2721015 update is not installed
| [76725] Microsoft Windows Knowledge Base Article 2722479 update is not installed
| [76724] Microsoft Windows Knowledge Base Article 2719177 update is not installed
| [76721] Microsoft Windows Knowledge Base Article 2718523 update is not installed
| [76718] Microsoft Windows Knowledge Base Article 2698365 update is not installed
| [76711] Microsoft Windows Knowledge Base Article 2695502 update is not installed
| [76704] Microsoft Windows Knowledge Base Article 2691442 update is not installed
| [76702] Microsoft Windows Knowledge Base Article 2655992 update is not installed
| [75963] Microsoft Windows Knowledge Base Article 2699988 update is not installed
| [75939] Microsoft Windows Knowledge Base Article 2685939 update is not installed
| [75928] Microsoft Windows Knowledge Base Article 2711167 update is not installed
| [75136] Microsoft Windows Knowledge Base Article 2693777 update is not installed
| [75132] Microsoft Windows Knowledge Base Article 2690533 update is not installed
| [75130] Microsoft Windows Knowledge Base Article 2688338 update is not installed
| [75127] Microsoft Windows Knowledge Base Article 2681578 update is not installed
| [75123] Microsoft Windows Knowledge Base Article 2680352 update is not installed
| [75116] Microsoft Windows Knowledge Base Article 2597981 update is not installed
| [74556] Microsoft Windows Knowledge Base Article 2639185 update is not installed
| [74384] Microsoft Windows Knowledge Base Article 2675157 update is not installed
| [74378] Microsoft Windows Knowledge Base Article 2671605 update is not installed
| [74373] Microsoft Windows Knowledge Base Article 2664258 update is not installed
| [74369] Microsoft Windows Knowledge Base Article 2663860 update is not installed
| [73543] Microsoft Windows Knowledge Base Article 2671387 update is not installed
| [73540] Microsoft Windows Knowledge Base Article 2665364 update is not installed
| [73538] Microsoft Windows Knowledge Base Article 2651019 update is not installed
| [73536] Microsoft Windows Knowledge Base Article 2651018 update is not installed
| [73533] Microsoft Windows Knowledge Base Article 2647170 update is not installed
| [73530] Microsoft Windows Knowledge Base Article 2641653 update is not installed
| [72887] Microsoft Windows Knowledge Base Article 2663841 update is not installed
| [72873] Microsoft Windows Knowledge Base Article 2663830 update is not installed
| [72867] Microsoft Windows Knowledge Base Article 2663510 update is not installed
| [72857] Microsoft Windows Knowledge Base Article 2661637 update is not installed
| [72855] Microsoft Windows Knowledge Base Article 2660465 update is not installed
| [72853] Microsoft Windows Knowledge Base Article 2653956 update is not installed
| [72851] Microsoft Windows Knowledge Base Article 2654428 update is not installed
| [72849] Microsoft Windows Knowledge Base Article 2651026 update is not installed
| [72846] Microsoft Windows Knowledge Base Article 2647516 update is not installed
| [72841] Microsoft Windows Knowledge Base Article 2645640 update is not installed
| [72838] Microsoft Windows Knowledge Base Article 2643719 update is not installed
| [72029] Microsoft Windows Knowledge Base Article 2638420 update is not installed
| [72003] Microsoft Windows Knowledge Base Article 2646524 update is not installed
| [71998] Microsoft Windows Knowledge Base Article 2644615 update is not installed
| [71995] Microsoft Windows Knowledge Base Article 2643584 update is not installed
| [71994] Microsoft Windows Knowledge Base Article 2636391 update is not installed
| [71565] Microsoft Windows Knowledge Base Article 2648048 update is not installed
| [71562] Microsoft Windows Knowledge Base Article 2640241 update is not installed
| [71560] Microsoft Windows Knowledge Base Article 2640045 update is not installed
| [71558] Microsoft Windows Knowledge Base Article 2639417 update is not installed
| [71557] Microsoft Windows Knowledge Base Article 2639142 update is not installed
| [71554] Microsoft Windows Knowledge Base Article 2633171 update is not installed
10839| [71552] Microsoft Windows Knowledge Base Article 2624667 update is not installed
10840| [71550] Microsoft Windows Knowledge Base Article 2620712 update is not installed
10841| [71548] Microsoft Windows Knowledge Base Article 2618451 update is not installed
10842| [71546] Microsoft Windows Knowledge Base Article 2618444 update is not installed
10843| [71538] Microsoft Windows Knowledge Base Article 2590602 update is not installed
10844| [70951] Microsoft Windows Knowledge Base Article 2630837 update is not installed
10845| [70949] Microsoft Windows Knowledge Base Article 2620704 update is not installed
10846| [70947] Microsoft Windows Knowledge Base Article 2617657 update is not installed
10847| [70943] Microsoft Windows Knowledge Base Article 2588516 update is not installed
10848| [70152] Microsoft Windows Knowledge Base Article 2623699 update is not installed
10849| [70140] Microsoft Windows Knowledge Base Article 2652016 update is not installed
10850| [70130] Microsoft Windows Knowledge Base Article 2586448 update is not installed
10851| [70115] Microsoft Windows Knowledge Base Article 2567053 update is not installed
10852| [69501] Microsoft Windows Knowledge Base Article 2587634 update is not installed
10853| [69498] Microsoft Windows Knowledge Base Article 2587505 update is not installed
10854| [69492] Microsoft Windows Knowledge Base Article 2571621 update is not installed
10855| [69490] Microsoft Windows Knowledge Base Article 2570947 update is not installed
10856| [68840] Microsoft Windows Knowledge Base Article 2451858 update is not installed
10857| [68833] Microsoft Windows Knowledge Base Article 2567943 update is not installed
10858| [68831] Microsoft Windows Knowledge Base Article 2570222 update is not installed
10859| [68829] Microsoft Windows Knowledge Base Article 2567951 update is not installed
10860| [68827] Microsoft Windows Knowledge Base Article 2578230 update is not installed
10861| [68825] Microsoft Windows Knowledge Base Article 2546250 update is not installed
10862| [68823] Microsoft Windows Knowledge Base Article 2559049 update is not installed
10863| [68816] Microsoft Windows Knowledge Base Article 2556532 update is not installed
10864| [68814] Microsoft Windows Knowledge Base Article 2560656 update is not installed
10865| [68812] Microsoft Windows Knowledge Base Article 2560978 update is not installed
10866| [68809] Microsoft Windows Knowledge Base Article 2562485 update is not installed
10867| [68806] Microsoft Windows Knowledge Base Article 2566454 update is not installed
10868| [68804] Microsoft Windows Knowledge Base Article 2563894 update is not installed
10869| [68801] Microsoft Windows Knowledge Base Article 2567680 update is not installed
10870| [68315] Microsoft Windows Knowledge Base Article 2555917 update is not installed
10871| [68299] Microsoft Windows Knowledge Base Article 2566220 update is not installed
10872| [68283] Microsoft Windows Knowledge Base Article 2560847 update is not installed
10873| [67955] Microsoft Windows Knowledge Base Article 2530548 update is not installed
10874| [67943] Microsoft Windows Knowledge Base Article 2544521 update is not installed
10875| [67762] Microsoft Windows Knowledge Base Article 2543893 update is not installed
10876| [67759] Microsoft Windows Knowledge Base Article 2544893 update is not installed
10877| [67757] Microsoft Windows Knowledge Base Article 2476490 update is not installed
10878| [67753] Microsoft Windows Knowledge Base Article 2514842 update is not installed
10879| [67751] Microsoft Windows Knowledge Base Article 2518295 update is not installed
10880| [67737] Microsoft Windows Knowledge Base Article 2520426 update is not installed
10881| [67733] Microsoft Windows Knowledge Base Article 2525694 update is not installed
10882| [67731] Microsoft Windows Knowledge Base Article 2525835 update is not installed
10883| [67728] Microsoft Windows Knowledge Base Article 2535512 update is not installed
10884| [67725] Microsoft Windows Knowledge Base Article 2536275 update is not installed
10885| [67722] Microsoft Windows Knowledge Base Article 2536276 update is not installed
10886| [67718] Microsoft Windows Knowledge Base Article 2537146 update is not installed
10887| [67709] Microsoft Windows Knowledge Base Article 2538814 update is not installed
10888| [67302] Microsoft Windows Knowledge Base Article 2545814 update is not installed
10889| [67101] Microsoft Windows Knowledge Base Article 2524426 update is not installed
10890| [66446] Microsoft Windows Knowledge Base Article 2514666 update is not installed
10891| [66444] Microsoft Windows Knowledge Base Article 2511455 update is not installed
10892| [66436] Microsoft Windows Knowledge Base Article 2497640 update is not installed
10893| [66432] Microsoft Windows Knowledge Base Article 2527308 update is not installed
10894| [66428] Microsoft Windows Knowledge Base Article 2489979 update is not installed
10895| [66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation
10896| [66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation
10897| [66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation
10898| [66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation
10899| [66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation
10900| [66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation
10901| [66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation
10902| [66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation
10903| [66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation
10904| [66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation
10905| [66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege escalation
10906| [66394] Microsoft Windows Knowledge Base Article 2485663 update is not installed
10907| [65588] Microsoft Windows Knowledge Base Article 2489279 update is not installed
10908| [65581] Microsoft Windows Knowledge Base Article 2510030 update is not installed
10909| [65580] Microsoft Windows Knowledge Base Article 2489283 update is not installed
10910| [65575] Microsoft Windows Knowledge Base Article 2489293 update is not installed
10911| [65573] Microsoft Windows Knowledge Base Article 2494047 update is not installed
10912| [64973] Microsoft Windows Knowledge Base Article 2478960 update is not installed
10913| [64971] Microsoft Windows Knowledge Base Article 2479628 update is not installed
10914| [64927] Microsoft Windows Knowledge Base Article 2393802 update is not installed
10915| [64925] Microsoft Windows Knowledge Base Article 2451879 update is not installed
10916| [64920] Microsoft Windows Knowledge Base Article 2475792 update is not installed
10917| [64918] Microsoft Windows Knowledge Base Article 2476687 update is not installed
10918| [64916] Microsoft Windows Knowledge Base Article 2478953 update is not installed
10919| [64914] Microsoft Windows Knowledge Base Article 2482017 update is not installed
10920| [64910] Microsoft Windows Knowledge Base Article 2483185 update is not installed
10921| [64909] Microsoft Windows Knowledge Base Article 2484015 update is not installed
10922| [64907] Microsoft Windows Knowledge Base Article 2485376 update is not installed
10923| [64905] Microsoft Windows Knowledge Base Article 2489256 update is not installed
10924| [64902] Microsoft Windows Knowledge Base Article 2496930 update is not installed
10925| [64342] Microsoft Windows Knowledge Base Article 2451910 update is not installed
10926| [64339] Microsoft Windows Knowledge Base Article 2478935 update is not installed
10927| [63584] Microsoft Windows Knowledge Base Article 2424434 update is not installed
10928| [63582] Microsoft Windows Knowledge Base Article 2423089 update is not installed
10929| [63580] Microsoft Windows Knowledge Base Article 2436673 update is not installed
10930| [63571] Microsoft Windows Knowledge Base Article 2440591 update is not installed
10931| [63569] Microsoft Windows Knowledge Base Article 2385678 update is not installed
10932| [63566] Microsoft Windows Knowledge Base Article 2442962 update is not installed
10933| [63564] Microsoft Windows Knowledge Base Article 2345316 update is not installed
10934| [63562] Microsoft Windows Knowledge Base Article 2296199 update is not installed
10935| [63558] Microsoft Windows Knowledge Base Article 2416400 update is not installed
10936| [63550] Microsoft Windows Knowledge Base Article 2447961 update is not installed
10937| [63548] Microsoft Windows Knowledge Base Article 2443105 update is not installed
10938| [63546] Microsoft Windows Knowledge Base Article 2455005 update is not installed
10939| [63544] Microsoft Windows Knowledge Base Article 2292970 update is not installed
10940| [62805] Microsoft Windows Knowledge Base Article 2316074 update is not installed
10941| [62793] Microsoft Windows Knowledge Base Article 2293386 update is not installed
10942| [62789] Microsoft Windows Knowledge Base Article 2423930 update is not installed
10943| [62170] Microsoft Windows Knowledge Base Article 2296011 update is not installed
10944| [62166] Microsoft Windows Knowledge Base Article 2294255 update is not installed
10945| [62163] Microsoft Windows Knowledge Base Article 2281679 update is not installed
10946| [62154] Microsoft Windows Knowledge Base Article 2279986 update is not installed
10947| [62147] Microsoft Windows Knowledge Base Article 2160841 update is not installed
10948| [62134] Microsoft Windows Knowledge Base Article 2412048 update is not installed
10949| [62129] Microsoft Windows Knowledge Base Article 2387149 update is not installed
10950| [62126] Microsoft Windows Knowledge Base Article 2378111 update is not installed
10951| [62123] Microsoft Windows Knowledge Base Article 2360937 update is not installed
10952| [62118] Microsoft Windows Knowledge Base Article 2293211 update is not installed
10953| [62104] Microsoft Windows Knowledge Base Article 2360131 update is not installed
10954| [62098] Microsoft Windows Knowledge Base Article 2293194 update is not installed
10955| [62069] Microsoft Windows Knowledge Base Article 2418042 update is not installed
10956| [61519] Microsoft Windows Knowledge Base Article 2121546 update is not installed
10957| [61517] Microsoft Windows Knowledge Base Article 2259922 update is not installed
10958| [61514] Microsoft Windows Knowledge Base Article 2267960 update is not installed
10959| [61510] Microsoft Windows Knowledge Base Article 2315011 update is not installed
10960| [61507] Microsoft Windows Knowledge Base Article 2320113 update is not installed
10961| [61504] Microsoft Windows Knowledge Base Article 2347290 update is not installed
10962| [60736] Microsoft Windows Knowledge Base Article 2265906 update is not installed
10963| [60734] Microsoft Windows Knowledge Base Article 2269638 update is not installed
10964| [60728] Microsoft Windows Knowledge Base Article 2269707 update is not installed
10965| [60724] Microsoft Windows Knowledge Base Article 2286198 update is not installed
10966| [60713] Microsoft Windows Knowledge Base Article 2183461 update is not installed
10967| [60698] Microsoft Windows Knowledge Base Article 2160329 update is not installed
10968| [60686] Microsoft Windows Knowledge Base Article 2115168 update is not installed
10969| [60684] Microsoft Windows Knowledge Base Article 2079403 update is not installed
10970| [60680] Microsoft Windows Knowledge Base Article 2264072 update is not installed
10971| [59901] Microsoft Windows Knowledge Base Article 2229593 update is not installed
10972| [59898] Microsoft Windows Knowledge Base Article 2229593 update is not installed
10973| [58913] Microsoft Windows Knowledge Base Article 2027452 update is not installed
10974| [58891] Microsoft Windows Knowledge Base Article 2028554 update is not installed
10975| [17004] Microsoft Windows XP Service Pack 2 is not installed on the system
10976| [9187] Microsoft Passport SDK 2.1 Component Configuration Document (CCD) permission
10977| [9146] Microsoft Passport SDK 2.1 events reporting disabled
10978| [9068] Microsoft Passport SDK 2.1 registry default permission exposure
10979| [9067] Microsoft Passport SDK 2.1 default test site exposure
10980| [9066] Microsoft Passport SDK 2.1 Adventure Works Sample Site exposure
10981| [9065] Microsoft Passport SDK 2.1 Adventure Works Sample Site global.asa file default permission exposure
10982| [9064] Microsoft Passport SDK 2.1 default time window exposure
10983| [1271] Microsoft IIS version 2 installed
10984| [621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
10985|
| Exploit-DB - https://www.exploit-db.com:
| [30756] Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
| [30749] Microsoft Office 2003 Web Component Memory Access Violation Denial of Service Vulnerability
| [30636] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2)
| [30635] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1)
| [30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities
| [29664] Microsoft Office Publisher 2007 - Remote Denial of Service (DoS) Vulnerability
| [29660] Microsoft Office 2003 - Denial of Service (DoS) Vulnerability
| [29630] Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability
| [29524] Microsoft Word 2000 - Malformed Function Code Execution Vulnerability
| [28420] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
| [28357] Microsoft Windows Explorer 2000/2003/XP Drag and Drop Remote Code Execution Vulnerability
| [28227] Microsoft Windows 2000/XP Registry Access Local Denial of Service Vulnerability
| [28226] Microsoft PowerPoint 2003 PPT File Closure Memory Corruption
| [28225] Microsoft PowerPoint 2003 powerpnt.exe Unspecified Issue
| [28224] Microsoft PowerPoint 2003 mso.dll PPT Processing Unspecified Code Execution
| [28198] Microsoft Office 2000/2002 Property Code Execution Vulnerability
| [28189] Microsoft Excel 2000-2004 Style Handling and Repair Remote Code Execution Vulnerability
| [28087] Microsoft Office 2003 Embedded Shockwave Flash Object Security Bypass Weakness
| [28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
| [26690] Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability
| [26517] Microsoft Office PowerPoint 2007 - Crash PoC
| [26341] Microsoft Windows 2000/2003/XP MSDTC TIP Denial of Service Vulnerability
| [26222] Microsoft Windows 2000/2003/XP Keyboard Event Privilege Escalation Weakness
| [25384] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (2)
| [25383] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1)
| [25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
| [25085] Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability
| [25084] Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability
| [25050] Microsoft Windows 2000/2003/XP winhlp32 Phrase Heap Overflow Vulnerability
| [25049] Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability
| [24686] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
| [24277] Microsoft Windows 2000/NT 4 POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability
| [24114] Microsoft Outlook 2003Mail Client E-mail Address Verification Weakness
| [24101] Microsoft Outlook 2003 Predictable File Location Weakness
| [23989] Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability
| [23796] Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
| [23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
| [22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
| [22883] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)
| [22882] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)
| [22837] Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow
| [22782] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
| [22591] Microsoft Office Excel 2007 - WriteAV Crash PoC
| [22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection
| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
| [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
| [22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
| [22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
| [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
| [21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability
| [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
| [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
| [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
| [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
| [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
| [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
| [21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)
| [21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
| [21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
| [21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
| [21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2)
| [21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1)
| [21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2)
| [21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1)
| [21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
| [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
| [21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
| [21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
| [21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
| [20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability
| [20802] Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability
| [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
| [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
| [20481] Microsoft IIS 2.0/3.0 Appended Dot Script Source Disclosure Vulnerability
| [20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
| [20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability
| [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
| [20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
| [20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
| [20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
| [20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
| [20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
| [20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
| [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
| [20096] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability
| [20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability
| [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
| [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
| [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
| [19734] Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability
| [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
| [19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
| [19376] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability
| [19143] "Microsoft Windows ""April Fools 2001"" Vulnerability"
| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
| [18334] Microsoft Office 2003 Home/Pro 0day
| [18087] MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
| [18078] Microsoft Excel 2003 11.8335.8333 Use After Free
| [18067] Microsoft Excel 2007 SP2 Buffer Overwrite Exploit
| [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit"
| [14971] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow
| [14782] Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)
| [14746] Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)
| [14744] Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)
| [12450] Microsoft SharePoint Server 2007 XSS Vulnerability
| [10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution
| [4121] Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC
| [3973] Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit
| [3690] microsoft office word 2007 - Multiple Vulnerabilities
| [3260] Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
| [2523] Microsoft Office 2003 PPT Local Buffer Overflow PoC
| [2091] Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french)
| [2001] Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability
| [1999] Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC
| [1988] Microsoft Excel 2003 Hlink Local Buffer Overflow Exploit (italian)
| [1986] Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french)
| [1958] Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit
| [28238] Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067
| [23034] Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness
| [22850] Microsoft Office OneNote 2010 Crash PoC
| [22679] Microsoft Visio 2010 Crash PoC
| [22655] Microsoft Publisher 2013 Crash PoC
| [22621] Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability
| [22330] Microsoft Office Excel 2010 Crash PoC
| [22310] Microsoft Office Publisher 2010 Crash PoC
| [22237] Microsoft Office Picture Manager 2010 Crash PoC
| [22215] Microsoft Office Word 2010 Crash PoC
| [19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability
| [19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability
| [19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability
| [17164] Microsoft Reader <= 2.1.1.3143 NULL Byte Write
| [17163] Microsoft Reader <= 2.1.1.3143 Array Overflow
| [17162] Microsoft Reader <= 2.1.1.3143 Integer Overflow
| [17161] Microsoft Reader <= 2.1.1.3143 Heap Overflow
| [17160] Microsoft Reader <= 2.1.1.3143 Integer Overflow
| [14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
| [14723] Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
|
| SecurityTracker - https://www.securitytracker.com:
| [1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
| [1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users
| [1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
| [1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
| [1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
| [1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users
| [1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server
| [1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
| [1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
| [1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
| [1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
| [1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
| [1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
| [1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
| [1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
| [1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System
| [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
| [1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes
| [1006280] Protegrity Secure.Data for Microsoft SQL Server 2000 Contains Buffer Oveflows That Let Remote Users Execute Arbitrary Code
| [1005254] Microsoft NT, 2000, and XP Operating Systems May Execute a 16-bit Application Even When The File Has No Execute Permissions
| [1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited
| [1004587] Microsoft SQL Server 2000 Buffer Overflow in OpenDataSource() Function May Let Remote Users Gain SYSTEM Privileges on the Server
| [1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks
| [1004527] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains a Buffer Overflow That Lets Remote Users Take Full Control of the System
| [1004407] Microsoft Exchange 2000 Flaw in Processing a Certain Malformed SMTP Command Allows Remote Users to Deny Service to the Server
| [1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges
| [1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending Malformed Packets
| [1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded
| [1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges
| [1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users
| [1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress
| [1003688] Microsoft Exchange Server 2000 Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
| [1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
| [1003634] Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files
| [1003629] Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server
| [1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges
| [1003469] Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings
| [1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains
| [1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users
| [1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address
| [1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users
| [1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
| [1002729] Microsoft Windows 2000 RunAs Service Allows Local Users to Disable the Service
| [1002356] Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
| [1002206] Microsoft Internet Security and Acceleration (ISA) Server 2000 Can Be Disrupted By Remote Users Due to Memory Leaks and Also Allows Cross-Site Scripting Attacks
11189| [1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System
11190| [1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users
11191| [1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak
11192| [1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance
11193| [1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service
11194| [1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL
11195| [1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server
11196| [1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges
11197| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
11198| [1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files
11199| [1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users
11200| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
11201| [1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations
11202| [1001088] Microsoft Internet Explorer with Services for Unix 2.0 Can Create Malicious Files on the User's Host
11203|
11204| OSVDB - http://www.osvdb.org:
11205| [90257] Microsoft Windows Server 2003 ICACLS.EXE Permission Inheritance Weakness
11206| [86790] Microsoft Virtual PC 2007 Crafted x86 Instruction Sequence Handling Local DoS
11207| [86061] Microsoft Windows Server 2008 R1 CSRSS ReadConsole / CloseHandle Local DoS
11208| [79442] Microsoft Windows Server 2008 DNS Server Service Cache Update Policy Deleted Domain Name Resolving Weakness
11209| [72670] Microsoft Windows Server 2003 ActiveDirectory BROWSER ELECTION Remote Overflow
11210| [68554] Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permission Weakness
11211| [62251] Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS
11212| [60329] Microsoft Windows 2000 NetBIOS Continuation Packet Remote DoS
11213| [59733] Microsoft Windows 2000 Terminal Services Screensaver Screen Minimization Locking Weakness
11214| [59731] Microsoft Windows 2000 DCOM Client Alter Context Request Remote Information Disclosure
11215| [59730] Microsoft Windows 2000 Terminal Services Disconnect Feature Local Privilege Escalation
11216| [59514] Microsoft Windows 2000 Task Manager Uppercase Process Name Termination Weakness
11217| [59509] Microsoft Windows 2000 Encrypted File System Cleartext Backup File Local Disclosure
11218| [59346] Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS
11219| [55836] Microsoft ISA Server 2006 Radius OTP Security Bypass
11220| [53663] Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption
11221| [50589] Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow
11222| [37629] Microsoft Windows 2000 RPC Authentication Unspecified Information Disclosure
11223| [37628] Microsoft Windows 2000 RPC Authentication Crafted Request Remote DoS
11224| [36034] Microsoft Office 2000 Controllo ActiveX (OUACTRL.OCX) HelpPopup Method Overflow
11225| [34489] Microsoft Office 2003 Malformed WMF File Handling DoS
11226| [34488] Microsoft Excel 2003 XLS Handling Corrupt Format DoS
11227| [31251] Microsoft Office 2003 Brazilian Portuguese Grammar Checker Arbitrary Code Execution
11228| [29529] Microsoft Windows 2000 creator.dll ActiveX COM Object Memory Corruption
11229| [29528] Microsoft Windows 2000 msdxm.ocx ActiveX COM Object Memory Corruption
11230| [29527] Microsoft Windows 2000 myinfo.dll ActiveX COM Object Memory Corruption
11231| [29526] Microsoft Windows 2000 ciodm.dll ActiveX COM Object Memory Corruption
11232| [28539] Microsoft Word 2000 Unspecified Code Execution
11233| [24121] Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
11234| [24081] Microsoft Outlook 2003 Unspecified Malformed Word Attachment DoS
11235| [23484] Microsoft SQLServer 2000 sp_addalias Procedure Privileged Alias Creation
11236| [23234] Microsoft SQLServer 2000 Unspecified Invalid Client Buffer DoS
11237| [23231] Microsoft SQL Server 2000 SQL Profiler Multiple Method DoS
11238| [23205] Microsoft SQLServer 2000 Crafted Sort Command User Mode Scheduler (UMS) Bypass DoS
11239| [23203] Microsoft SQL Server 2000 Database Name Transact-SQL Statement Privilege Escalation
11240| [23202] Microsoft SQLServer 2000 sysmembers Virtual Table Query Overflow
11241| [23201] Microsoft SQL Server 2000 Dynamic Transact-SQL Statement Disclosure
11242| [23200] Microsoft SQLServer 2000 Encrypted Stored Procedure Dynamic Query Disclosure
11243| [21907] Microsoft Office InfoPath 2003 Mshtml.dll Form Handling DoS
11244| [21598] Microsoft Windows 2000 NetBIOS Port Malformed TCP Packet Parsing Remote DoS
11245| [20256] Microsoft Windows 2000 NTFS Volume Macintosh Client Directory Permission Modification
11246| [20222] Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure
11247| [20221] Microsoft Windows 2000 runas.exe Named Pipe Single Thread DoS
11248| [20220] Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure
11249| [20002] Microsoft Windows 2000 CHKDSK Fix Mode File ACL Failure
11250| [20001] Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure
11251| [20000] Microsoft Windows 2000 Domain Administrator Computer Lock Bypass
11252| [19999] Microsoft Windows 2000 FQDN Domain Login Password Expiry Bypass
11253| [19998] Microsoft Windows 2000 UPN Credentialed Login Group Policy Failure
11254| [19997] Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue
11255| [19996] Microsoft Windows 2000 Event ID 1704 Group Policy Failure
11256| [19995] Microsoft Windows 2000 SECEDIT Long Folder ACL Set Issue
11257| [19994] Microsoft Windows 2000 audit directory service access 565 Event Logging Failure
11258| [19993] Microsoft Windows 2000 LDAPS CA Trust Issue
11259| [19264] Microsoft Exchange Server 2003 Crafted IMAP4 Folder Listing Request DoS
11260| [17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS
11261| [15343] Microsoft Windows Server 2003 Malformed HTTP Cookie Header CGI DoS
11262| [15341] Microsoft Windows Server 2003 SMB Redirector Processing DoS
11263| [15340] Microsoft Windows Server 2003 Terminal Service Client Print DoS
11264| [15338] Microsoft Windows Server 2003 Terminal Session Close DoS
11265| [15337] Microsoft Windows Server 2003 CreateProcessWithLogonW() Function Process Disclosure
11266| [15336] Microsoft Windows Server 2003 Shutdown.exe Shut Down Failure
11267| [15335] Microsoft Windows Server 2003 MIT Kerberos Realm Authentication Group Policy Failure
11268| [15334] Microsoft Windows Server 2003 Shared Folder Permission Weakness
11269| [15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
11270| [15332] Microsoft Windows Server 2003 Citrix Metaframe Encryption Policy Failure
11271| [15331] Microsoft Windows Server 2003 Home Folder Path Permission Inheritance Failure
11272| [14617] Microsoft Exchange Server 2003 Folder Handling DoS
11273| [14430] Microsoft Commerce Server 2000 Profile Service Affected API Overflow
11274| [13996] Microsoft Windows 2000 IKE Malformed Packet Saturation Remote DoS
11275| [13762] Microsoft 2000 Domain Controller Directory Service Restore Mode Blank Password
11276| [13761] Microsoft Exchange 2000 Malformed URL Request DoS
11277| [13475] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant
11278| [13474] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution
11279| [13441] Microsoft Windows 2000 Security Interface Change Password Option Account Enumeration
11280| [13437] Microsoft Windows 2000 Debug Register Local Privilege Escalation
11281| [13424] Microsoft Windows 2000 Current Password Change Policy Bypass
11282| [13423] Microsoft Windows 2000 Terminal Server SYSVOL Share Connection Saturation Restriction Bypass
11283| [13415] Microsoft Windows 2000 System Root Folder Search Path Permission Weakness
11284| [13410] Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution
11285| [11958] Microsoft Outlook 2003 Image Rendering Security Policy Bypass
11286| [11945] Microsoft Outlook 2002 IFRAME Tag Embedded URL
11287| [11944] Microsoft Outlook 2002 HREF Tag Embedded JavaScript Execution
11288| [11750] Microsoft Windows 2000 Message Queue Manager Queue Registration Request Overflow DoS
11289| [11712] Microsoft ISA Server 2000 H.323 Filter Overflow
11290| [10633] Microsoft Windows 2000 Protected Store Weak Encryption Default
11291| [9386] Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow
11292| [8243] Microsoft SMS Port 2702 DoS
11293| [7202] Microsoft PowerPoint 2000 File Loader Overflow
11294| [7179] Microsoft Windows 2000 Event Viewer Snap-in Overflow
11295| [6971] Microsoft ISA Server 2000 ICMP Rule Bypass During Startup
11296| [6970] Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure
11297| [6969] Microsoft ISA Server 2000 Invalid DNS Request DoS
11298| [6968] Microsoft ISA Server 2000 FTP Port Scan Bounce Weakness
11299| [6967] Microsoft ISA Server 2000 UDP Packet Winsock DoS
11300| [6965] Microsoft ISA Server 2000 SSL Packet DoS
11301| [6964] Microsoft ISA Server 2000 DNS Intrusion Detection Filter DoS
11302| [6515] Microsoft Windows 2000 Domain Expired Account Authentication
11303| [5179] Microsoft Windows 2000 microsoft-ds DoS
11304| [5171] Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script
11305| [4779] Microsoft Desktop Engine (MSDE) 2000 Stored Procedure SQL Injection
11306| [4778] Microsoft SQL Server 2000 Stored Procedure SQL Injection
11307| [4777] Microsoft Desktop Engine (MSDE) 2000 Database Consistency Checkers (DBCCs) Overflow
11308| [4776] Microsoft SQL Server 2000 Database Consistency Checkers (DBCCs) 2000 Overflow
11309| [4170] Microsoft Windows 2000 Server Media Services TCP Packet Handling Remote DoS
11310| [4168] Microsoft Outlook 2002 mailto URI Script Injection
11311| [3490] Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure
11312| [2705] Microsoft Windows 2000 Windows Troubleshooter ActiveX Overflow
11313| [2655] Microsoft Windows Server 2003 Shell Folders Arbitrary File Access
11314| [2540] Microsoft Windows 2003 Server Buffer Overflow Protection Mechanism Bypass
11315| [2244] Microsoft Windows 2000 ShellExecute() API Let
11316| [2237] Microsoft Windows 2000 Active Directory Lsass.exe Overflow
11317| [1949] Symantec Norton Anti-Virus for Microsoft Exchange 2000 INBOX Path Information Disclosure
11318| [1764] Microsoft Windows 2000 Domain Controller DoS
11319| [1758] Microsoft Windows 2000 Network DDE Escalated Privileges
11320| [1755] Microsoft Windows 2000 RDP Malformed Packet Handling Remote DoS
11321| [1672] Microsoft Windows 2000 Telnet Session Timeout DoS
11322| [1633] Microsoft Windows 2000 System Monitor ActiveX LogFileName Parameter Validation Overflow
11323| [1621] Microsoft Indexing Services for Windows 2000 .htw XSS
11324| [1591] Microsoft Windows 2000 OEMPreinstall Installation Permission Weakness
11325| [1578] Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation
11326| [1500] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow
11327| [1437] Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS
11328| [1399] Microsoft Windows 2000 Windows Station Access
11329| [1328] Microsoft Office 2000 UA Control ActiveX (Ouactrl.ocx) Show Me Function Remote Code Execution
11330| [1297] Microsoft Windows 2000 Active Directory Object Attribute
11331| [1292] Microsoft Windows NT 4.0 / 2000 cmd.exe Buffer Overflow
11332| [773] Microsoft Windows 2000 Group Policy File Lock DoS
11333| [515] Microsoft Windows 2000 LDAP Server Arbitrary User Password Modification
11334| [454] Microsoft Windows 2000 NTLM Domain Account Lockout Policy Bypass
11335| [403] Microsoft Windows 2000 Still Image Service WM_USER Message Local Overflow
11336| [398] Microsoft Windows 2000 Malformed RPC Traffic Local Security Policy Corruption DoS
11337| [307] Microsoft FrontPage 2000 Server Extensions shtml.exe Path Disclosure
11338| [69085] Microsoft Office 2010 RTF File Handling pFragments Buffer Overflow Arbitrary Code Execution
11339|_
11340Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
11341Device type: general purpose
11342Running (JUST GUESSING): Linux 2.6.X (86%)
11343OS CPE: cpe:/o:linux:linux_kernel:2.6
11344Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (86%)
11345No exact OS matches for host (test conditions non-ideal).
11346Network Distance: 20 hops
11347TCP Sequence Prediction: Difficulty=255 (Good luck!)
11348IP ID Sequence Generation: All zeros
11349Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
11350
11351TRACEROUTE (using port 443/tcp)
11352HOP RTT ADDRESS
113531 34.92 ms 10.251.200.1
113542 35.71 ms 104.245.145.177
113553 37.97 ms te0-0-2-1.225.nr11.b010988-1.yyz02.atlas.cogentco.com (38.104.156.9)
113564 36.57 ms te0-0-0-1.agr13.yyz02.atlas.cogentco.com (154.24.54.37)
113575 35.91 ms te0-9-0-9.ccr31.yyz02.atlas.cogentco.com (154.54.43.141)
113586 43.37 ms be3259.ccr21.ymq01.atlas.cogentco.com (154.54.41.206)
113597 112.52 ms be3042.ccr21.lpl01.atlas.cogentco.com (154.54.44.161)
113608 123.00 ms be2182.ccr41.ams03.atlas.cogentco.com (154.54.77.245)
113619 128.86 ms be2813.ccr41.fra03.atlas.cogentco.com (130.117.0.122)
1136210 129.07 ms be3186.agr41.fra03.atlas.cogentco.com (130.117.0.2)
1136311 130.38 ms 149.14.159.74
1136412 240.04 ms 195.229.3.194
1136513 232.37 ms 195.229.3.94
1136614 233.04 ms 195.229.27.174
1136715 ... 16
1136817 233.55 ms 87.101.225.209
1136918 225.07 ms 87.101.225.210
1137019 ...
1137120 230.98 ms fg.gov.sa (87.101.230.92)
11372
11373NSE: Script Post-scanning.
11374Initiating NSE at 00:55
11375Completed NSE at 00:55, 0.00s elapsed
11376Initiating NSE at 00:55
11377Completed NSE at 00:55, 0.00s elapsed
11378Read data files from: /usr/bin/../share/nmap
11379OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
11380Nmap done: 1 IP address (1 host up) scanned in 369.86 seconds
11381 Raw packets sent: 105 (8.328KB) | Rcvd: 440 (50.006KB)
11382##############################################################################################################################################################################################################################################################################
11383Version: 1.11.13-static
11384OpenSSL 1.0.2-chacha (1.0.2g-dev)
11385
11386Connected to 87.101.230.92
11387
11388Testing SSL server 87.101.230.92 on port 443 using SNI name 87.101.230.92
11389
11390 TLS Fallback SCSV:
11391Server supports TLS Fallback SCSV
11392
11393 TLS renegotiation:
11394Secure session renegotiation supported
11395
11396 TLS Compression:
11397Compression disabled
11398
11399 Heartbleed:
11400TLS 1.2 not vulnerable to heartbleed
11401TLS 1.1 not vulnerable to heartbleed
11402TLS 1.0 not vulnerable to heartbleed
11403
11404 Supported Server Cipher(s):
11405Preferred TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
11406Accepted TLSv1.2 256 bits DHE-RSA-AES256-GCM-SHA384 DHE 2048 bits
11407Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
11408Accepted TLSv1.2 128 bits DHE-RSA-AES128-GCM-SHA256 DHE 2048 bits
11409Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
11410Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA256 DHE 2048 bits
11411Accepted TLSv1.2 256 bits ECDHE-RSA-CAMELLIA256-SHA384 Curve P-256 DHE 256
11412Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA256 DHE 2048 bits
11413Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
11414Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA256 DHE 2048 bits
11415Accepted TLSv1.2 128 bits ECDHE-RSA-CAMELLIA128-SHA256 Curve P-256 DHE 256
11416Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA256 DHE 2048 bits
11417Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
11418Accepted TLSv1.2 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
11419Accepted TLSv1.2 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
11420Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
11421Accepted TLSv1.2 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
11422Accepted TLSv1.2 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
11423Accepted TLSv1.2 256 bits AES256-GCM-SHA384
11424Accepted TLSv1.2 128 bits AES128-GCM-SHA256
11425Accepted TLSv1.2 256 bits AES256-SHA256
11426Accepted TLSv1.2 256 bits CAMELLIA256-SHA256
11427Accepted TLSv1.2 128 bits AES128-SHA256
11428Accepted TLSv1.2 128 bits CAMELLIA128-SHA256
11429Accepted TLSv1.2 256 bits AES256-SHA
11430Accepted TLSv1.2 256 bits CAMELLIA256-SHA
11431Accepted TLSv1.2 128 bits AES128-SHA
11432Accepted TLSv1.2 128 bits CAMELLIA128-SHA
11433Accepted TLSv1.2 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
11434Accepted TLSv1.2 128 bits SEED-SHA
11435Preferred TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
11436Accepted TLSv1.1 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
11437Accepted TLSv1.1 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
11438Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
11439Accepted TLSv1.1 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
11440Accepted TLSv1.1 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
11441Accepted TLSv1.1 256 bits AES256-SHA
11442Accepted TLSv1.1 256 bits CAMELLIA256-SHA
11443Accepted TLSv1.1 128 bits AES128-SHA
11444Accepted TLSv1.1 128 bits CAMELLIA128-SHA
11445Accepted TLSv1.1 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
11446Accepted TLSv1.1 128 bits SEED-SHA
11447Accepted TLSv1.1 128 bits IDEA-CBC-SHA
11448Preferred TLSv1.0 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
11449Accepted TLSv1.0 256 bits DHE-RSA-AES256-SHA DHE 2048 bits
11450Accepted TLSv1.0 256 bits DHE-RSA-CAMELLIA256-SHA DHE 2048 bits
11451Accepted TLSv1.0 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
11452Accepted TLSv1.0 128 bits DHE-RSA-AES128-SHA DHE 2048 bits
11453Accepted TLSv1.0 128 bits DHE-RSA-CAMELLIA128-SHA DHE 2048 bits
11454Accepted TLSv1.0 256 bits AES256-SHA
11455Accepted TLSv1.0 256 bits CAMELLIA256-SHA
11456Accepted TLSv1.0 128 bits AES128-SHA
11457Accepted TLSv1.0 128 bits CAMELLIA128-SHA
11458Accepted TLSv1.0 128 bits DHE-RSA-SEED-SHA DHE 2048 bits
11459Accepted TLSv1.0 128 bits SEED-SHA
11460Accepted TLSv1.0 128 bits IDEA-CBC-SHA
11461##############################################################################################################################################################################################################################################################################
11462 SSL Certificate:
11463Signature Algorithm: sha256WithRSAEncryption
11464RSA Key Strength: 2048
11465
11466Subject: fg.gov.sa
11467Altnames: DNS:fg.gov.sa, DNS:www.fg.gov.sa, DNS:mnmc.med.sa, DNS:www.mnmc.med.sa, DNS:jobs.fg.gov.sa
11468Issuer: DigiCert SHA2 Secure Server CA
11469
11470Not valid before: Mar 25 00:00:00 2019 GMT
11471Not valid after: Apr 1 12:00:00 2020 GMT
11472https:/
11473Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-12 01:05 EDT
11474NSE: Loaded 45 scripts for scanning.
11475NSE: Script Pre-scanning.
11476Initiating NSE at 01:05
11477Completed NSE at 01:05, 0.00s elapsed
11478Initiating NSE at 01:05
11479Completed NSE at 01:05, 0.00s elapsed
11480Initiating Ping Scan at 01:05
11481Scanning 87.101.230.92 [4 ports]
11482Completed Ping Scan at 01:05, 0.27s elapsed (1 total hosts)
11483Initiating Parallel DNS resolution of 1 host. at 01:05
11484Completed Parallel DNS resolution of 1 host. at 01:05, 0.03s elapsed
11485Initiating SYN Stealth Scan at 01:05
11486Scanning fg.gov.sa (87.101.230.92) [65535 ports]
11487Discovered open port 80/tcp on 87.101.230.92
11488Discovered open port 443/tcp on 87.101.230.92
11489SYN Stealth Scan Timing: About 6.86% done; ETC: 01:13 (0:07:01 remaining)
11585Increasing send delay for 87.101.230.92 from 0 to 5 due to 42 out of 138 dropped probes since last increase.
11702Discovered open port 1129/tcp on 87.101.230.92
11703Discovered open port 27647/tcp on 87.101.230.92
11704Discovered open port 64229/tcp on 87.101.230.92
11705Discovered open port 59163/tcp on 87.101.230.92
11706Discovered open port 55418/tcp on 87.101.230.92
11707Discovered open port 47939/tcp on 87.101.230.92
11708Discovered open port 31770/tcp on 87.101.230.92
11709Discovered open port 49836/tcp on 87.101.230.92
11710Discovered open port 15387/tcp on 87.101.230.92
11711Discovered open port 62216/tcp on 87.101.230.92
11712Discovered open port 8529/tcp on 87.101.230.92
11713Discovered open port 60069/tcp on 87.101.230.92
11714Discovered open port 40944/tcp on 87.101.230.92
11715Discovered open port 9762/tcp on 87.101.230.92
11716Discovered open port 40352/tcp on 87.101.230.92
SYN Stealth Scan Timing: About 17.68% done; ETC: 01:11 (0:04:44 remaining)
SYN Stealth Scan Timing: About 20.43% done; ETC: 01:13 (0:05:54 remaining)
SYN Stealth Scan Timing: About 23.39% done; ETC: 01:14 (0:06:36 remaining)
SYN Stealth Scan Timing: About 26.34% done; ETC: 01:15 (0:07:02 remaining)
SYN Stealth Scan Timing: About 49.68% done; ETC: 01:18 (0:06:33 remaining)
SYN Stealth Scan Timing: About 56.20% done; ETC: 01:19 (0:05:54 remaining)
SYN Stealth Scan Timing: About 62.12% done; ETC: 01:19 (0:05:13 remaining)
SYN Stealth Scan Timing: About 68.05% done; ETC: 01:19 (0:04:30 remaining)
SYN Stealth Scan Timing: About 73.68% done; ETC: 01:20 (0:03:45 remaining)
SYN Stealth Scan Timing: About 79.01% done; ETC: 01:20 (0:03:02 remaining)
SYN Stealth Scan Timing: About 84.34% done; ETC: 01:20 (0:02:17 remaining)
SYN Stealth Scan Timing: About 89.68% done; ETC: 01:20 (0:01:31 remaining)
SYN Stealth Scan Timing: About 95.01% done; ETC: 01:20 (0:00:44 remaining)
Completed SYN Stealth Scan at 01:20, 897.59s elapsed (65535 total ports)
Initiating Service scan at 01:20
Scanning 228 services on fg.gov.sa (87.101.230.92)
Service scan Timing: About 48.25% done; ETC: 01:22 (0:00:35 remaining)
Completed Service scan at 01:23, 127.56s elapsed (228 services on 1 host)
Initiating OS detection (try #1) against fg.gov.sa (87.101.230.92)
Retrying OS detection (try #2) against fg.gov.sa (87.101.230.92)
Initiating Traceroute at 01:23
Completed Traceroute at 01:23, 0.05s elapsed
Initiating Parallel DNS resolution of 2 hosts. at 01:23
Completed Parallel DNS resolution of 2 hosts. at 01:23, 0.00s elapsed
NSE: Script scanning 87.101.230.92.
Initiating NSE at 01:23
Completed NSE at 01:23, 15.72s elapsed
Initiating NSE at 01:23
Completed NSE at 01:23, 0.01s elapsed
Nmap scan report for fg.gov.sa (87.101.230.92)
Host is up (0.036s latency).
Not shown: 65303 filtered ports
PORT STATE SERVICE VERSION
25/tcp closed smtp
80/tcp open http
| fingerprint-strings:
| FourOhFourRequest:
| HTTP/1.0 301 Moved Permanently
| Date: Mon, 12 Aug 2019 05:21:13 GMT
| Location: https://192.168.192.151/nice%20ports%2C/Tri%6Eity.txt%2ebak
| Content-Length: 98
| Content-Type: text/html
| <head><title>Object moved permanently</title></head><body><h1>Object Moved Permanently</h1></body>
| GetRequest:
| HTTP/1.0 301 Moved Permanently
| Date: Mon, 12 Aug 2019 05:21:05 GMT
| Location: https://192.168.192.151/
| Content-Length: 98
| Content-Type: text/html
| <head><title>Object moved permanently</title></head><body><h1>Object Moved Permanently</h1></body>
| HTTPOptions:
| HTTP/1.0 301 Moved Permanently
| Date: Mon, 12 Aug 2019 05:21:06 GMT
| Location: https://192.168.192.151/
| Content-Length: 98
| Content-Type: text/html
|_ <head><title>Object moved permanently</title></head><body><h1>Object Moved Permanently</h1></body>
113/tcp closed ident
139/tcp closed netbios-ssn
443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_http-server-header: XXXXXXXXXXXXXXXXXX
| vulscan: VulDB - https://vuldb.com:
12094| [5553] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 OpenType Font atmfd.dll denial of service
12095| [5524] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 memory corruption
12096| [5518] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 memory corruption
12097| [5362] Microsoft Office 2003/2007 GDI+ memory corruption
12098| [5291] Microsoft Visual Studio 2008 Incremental Linker link.exe ConvertRgImgSymToRgImgSymEx memory corruption
12099| [5268] Microsoft Office 2008 on Mac RTF Pfragment File memory corruption
12100| [5080] Microsoft SQL Server 2005/2008/2008R2 CREATE DATABASE sql injection
12101| [5050] Microsoft Office 2007 WPS Converter Heap-based memory corruption
12102| [5049] Microsoft SQL Server 2000/2005/2008 MSCOMCTL.OCX privilege escalation
12103| [5048] Microsoft Office 2003/2007/2010 MSCOMCTL.OCX privilege escalation
12104| [5046] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Windows Authenticode Signature Verification WinVerifyTrust Signature privilege escalation
12105| [4803] Microsoft Windows Server 2003/Server 2008 DNS Server Domain Resource Record Query Parser denial of service
12106| [4802] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Remote Desktop Protocol denial of service
12107| [4798] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Remote Desktop Service memory corruption
12108| [60205] Microsoft .NET Framework 2.0 SP2/3.5.1 Heap-based memory corruption
12109| [4642] Microsoft .NET Framework 2.0 SP2/3.5.1/4 XAML Browser Application memory corruption
12110| [60065] Microsoft Windows 2000 mod_sql unknown vulnerability
12111| [4535] Microsoft Windows XP/Server 2003 Object Packager packager.exe privilege escalation
12112| [4534] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Line21 DirectShow Filter Quartz.dll/Qdvd.dll Media File memory corruption
12113| [4533] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Multimedia Library winmm.dll MIDI File memory corruption
12114| [4507] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 Forms Authentication Redirect
12115| [59666] Microsoft Publisher 2003/2007 "Publisher memory corruption
12116| [4482] Microsoft Word 2007/2010/2011 Document Parser memory corruption
12117| [4480] Microsoft Excel 2003 memory corruption
12118| [4478] Microsoft Windows XP/Server 2003 OLE Objects Memory Management memory corruption
12119| [4477] Microsoft PowerPoint 2007 OfficeArt Use-After-Free memory corruption
12120| [4474] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Active Directory Query memory corruption
12121| [4473] Microsoft Powerpoint 2007/2010 DLL-Loader memory corruption
12122| [4471] Microsoft Office 2003/2007 Publisher Out-of-Bounds memory corruption
12123| [4470] Microsoft Office 2003 SP3 memory corruption
12124| [4453] Microsoft Excel 2003 Record Parser memory corruption
12125| [4446] Microsoft Office 2008/2007 OfficeArt Record Parser memory corruption
12126| [4445] Microsoft Office 2007/2010/2011 Word Document Parser memory corruption
12127| [4438] Microsoft Windows Vista/7/Server 2008 TCP/IP Reference Counter denial of service
12128| [5358] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 TrueType Font Handling memory corruption
12129| [59005] Microsoft Host Integration Server 2004 denial of service
12130| [58492] Microsoft SharePoint Server 2007 Spreadsheet memory corruption
12131| [58491] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
12132| [58490] Microsoft Office Compatibility Pack 2007 Spreadsheet memory corruption
12133| [58489] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
12134| [58488] Microsoft Office 2007/2010 memory corruption
12135| [4412] Microsoft Office 2003/2007 Library Loader Designfehler
12136| [4411] Microsoft Excel 2003 memory corruption
12137| [4409] Microsoft Windows Server 2003/Server 2008 WINS unknown vulnerability
12138| [58240] Microsoft Visio 2003/2007 memory corruption
12139| [58237] Microsoft Visio 2003/2007/2010 memory corruption
12140| [4396] Microsoft Windows Vista/7/Server 2008 TCP/IP Stack denial of service
12141| [4393] Microsoft Windows Server 2008 DNS Service memory corruption
12142| [4391] Microsoft .NET Framework 2.0 SP2/3.5.1/4 Socket Restriction privilege escalation
12143| [4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
12144| [4388] Microsoft Windows Vista/7/Server 2008 File Metadata Parser denial of service
12145| [57691] Microsoft SQL Server 2008 Web Service information disclosure
12146| [57690] Microsoft Excel 2002/2003 Spreadsheet memory corruption
12147| [57689] Microsoft Excel 2002 Spreadsheet memory corruption
12148| [57688] Microsoft Excel 2002 Spreadsheet memory corruption
12149| [57687] Microsoft Excel 2002/2003/2007 Spreadsheet memory corruption
12150| [57686] Microsoft Excel 2002 Spreadsheet memory corruption
12151| [57685] Microsoft Excel 2002/2003/2007 Array Access memory corruption
12152| [57684] Microsoft Excel 2002/2003/2007/2010 Spreadsheet memory corruption
12153| [4369] Microsoft Excel 2002/2003/2007 memory corruption
12154| [4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
12155| [4362] Microsoft Windows Vista/7/Server 2008 denial of service
12156| [57420] Microsoft PowerPoint 2002/2003 memory corruption
12157| [4349] Microsoft Office 2004/2008/2007 Presentation File Parser memory corruption
12158| [4348] Microsoft Powerpoint 2002/2003/2007 memory corruption
12159| [57077] Microsoft Excel 2002 Uninitialized Memory memory corruption
12160| [57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability
12161| [57079] Microsoft PowerPoint 2002/2003/2007/2010 memory corruption
12162| [57076] Microsoft Excel 2002/2003 memory corruption
12163| [57075] Microsoft Excel 2002/2003 memory corruption
12164| [57074] Microsoft Excel 2002 memory corruption
12165| [57073] Microsoft Excel 2002/2003/2007/2010 memory corruption
12166| [4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler memory corruption
12167| [4301] Microsoft Windows Server 2003 SMB Browser Heap-based denial of service
12168| [56475] Microsoft Office 2004/2008 memory corruption
12169| [56414] Microsoft Visio 2002/2003/2007 ELEMENTS.DLL memory corruption
12170| [56413] Microsoft Visio 2002/2003/2007 Exception ORMELEMS.DLL memory corruption
12171| [4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
12172| [4297] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 OpenType Compact Font Format Driver privilege escalation
12173| [4296] Microsoft Windows XP/Server 2003 LSASS Authentication Request unknown vulnerability
12174| [4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
12175| [4294] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Driver win32k.sys unknown vulnerability
12176| [4293] Microsoft Windows XP/Server 2003 Kerberos CRC32 Checksum privilege escalation
12177| [4292] Microsoft Windows XP/Server 2003 CSRSS Logoff privilege escalation
12178| [4289] Microsoft Excel 2007 Shape Data Parser memory corruption
12179| [4286] Microsoft Powerpoint 2007 OfficeArt Container Parser memory corruption
12180| [4279] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 MHTML cross site scripting
12181| [56176] Microsoft Windows XP/7/Server 2003 fxscover.exe CDrawPoly::Serialize memory corruption
12182| [55772] Microsoft Publisher 2002 pubconv.dll memory corruption
12183| [55771] Microsoft Publisher 2002/2003/2010 memory corruption
12184| [55765] Microsoft Office 2003/Xp Integer memory corruption
12185| [55764] Microsoft Office 2003/Xp memory corruption
12186| [55750] Microsoft Publisher 2002/2003 pubconv.dll memory corruption
12187| [55749] Microsoft Publisher 2002/2003/2007/2010 pubconv.dll memory corruption
12188| [55748] Microsoft Publisher 2002/2003/2007 pubconv.dll memory corruption
12189| [4230] Microsoft Exchange 2007 on 64-bit RPC store.exe MAPI Request denial of service
12190| [4229] Microsoft SharePoint 2007 Document Conversion Launcher Service Eingabeung\xC3\xBCltigkeit
12191| [4228] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
12192| [4224] Microsoft Windows Vista/7/Server 2008 Consent User Interface privilege escalation
12193| [4231] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Driver win32k.sys GreEnableEUDC denial of service
12194| [55420] Microsoft Office 2007/2010 memory corruption
12195| [55419] Microsoft Office 2004/2008/2011/Xp memory corruption
12196| [55412] Microsoft PowerPoint Viewer 2007 memory corruption
12197| [55411] Microsoft PowerPoint 2002/2003 memory corruption
12198| [4204] Microsoft Windows Server 2008 Color Control Panel Eingabeung\xC3\xBCltigkeit
12199| [54995] Microsoft Office 2004/2008 memory corruption
12200| [54994] Microsoft Office 2004/2008 Out-of-Bounds memory corruption
12201| [54993] Microsoft Office Compatibility Pack 2007 memory corruption
12202| [54992] Microsoft Excel 2002 memory corruption
12203| [54991] Microsoft Office 2004 Future memory corruption
12204| [54990] Microsoft Office 2004 memory corruption
12205| [54989] Microsoft Office 2004/2008 memory corruption
12206| [54988] Microsoft Excel 2002 memory corruption
12207| [54987] Microsoft Excel 2002 memory corruption
12208| [54986] Microsoft Excel 2002/2003 memory corruption
12209| [54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 memory corruption
12210| [54984] Microsoft Office 2004/2008 memory corruption
12211| [54983] Microsoft Excel 2002 Integer memory corruption
12212| [54980] Microsoft Word 2002/2003 memory corruption
12213| [54979] Microsoft Word 2002 memory corruption
12214| [54978] Microsoft Word 2002 memory corruption
12215| [54977] Microsoft Word 2002 Heap-based memory corruption
12216| [54976] Microsoft Word 2002 memory corruption
12217| [54975] Microsoft Word 2002 memory corruption
12218| [54974] Microsoft Word 2002 memory corruption
12219| [54973] Microsoft Word 2002 memory corruption
12220| [54972] Microsoft Word 2002 memory corruption
12221| [54971] Microsoft Word 2002 memory corruption
12222| [4197] Microsoft SharePoint 2007/3.0 cross site scripting
12223| [4196] Microsoft Word 2002/2003/2007/2010 Stack-based memory corruption
12224| [4194] Microsoft Windows Vista/7/Server 2008 SChannel Client Certificate Request denial of service
12225| [54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service
12226| [54757] Microsoft SharePoint Server 2007 HTML Sanitization SafeHTML cross site scripting
12227| [4186] Microsoft Outlook 2002/2003/2007 Content Parser Heap-based memory corruption
12228| [54584] Microsoft Visual C++ 2005 AtlTraceTool8.exe unknown vulnerability
12229| [54554] Microsoft Groove 2007 mso.dll memory corruption
12230| [4187] Microsoft Windows Vista/7/Server 2008 TCP/IP Stack Ipv4SetEchoRequestCreate() denial of service
12231| [54322] Microsoft Word 2002/2003 memory corruption
12232| [54321] Microsoft Office Compatibility Pack 2007 memory corruption
12233| [54320] Microsoft Office Compatibility Pack 2007 memory corruption
12234| [54319] Microsoft Office Compatibility Pack 2007 memory corruption
12235| [54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces memory corruption
12236| [4165] Microsoft Windows Vista/7/Server 2008 TCP/IP Stack denial of service
12237| [4162] Microsoft Windows Vista/7/Server 2008 Kernel memory corruption
12238| [4159] Microsoft Excel 2002/2003 SXDB PivotTable Cache Data Record memory corruption
12239| [4149] Microsoft Windows XP/Vista/7/Server 2003/Server 2008 Shell Shortcut Parser memory corruption
12240| [54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll memory corruption
12241| [4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD memory corruption
12242| [4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll memory corruption
12243| [54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
12244| [4151] Microsoft Windows Vista/Server 2008 NtUserCheckAccessForIntegrityLevel memory corruption
12245| [53591] Microsoft Windows Server 2003 GetServerName cross site scripting
12246| [53505] Microsoft Excel 2002/2007 memory corruption
12247| [53501] Microsoft Excel 2002 memory corruption
12248| [53500] Microsoft Excel 2002 memory corruption
12249| [53499] Microsoft Excel 2002 memory corruption
12250| [53495] Microsoft Excel 2002/2003/2007 memory corruption
12251| [53494] Microsoft Excel 2002 Stack-based memory corruption
12252| [53504] Microsoft Excel 2002 memory corruption
12253| [53503] Microsoft Excel 2002 Stack-Based memory corruption
12254| [53502] Microsoft Excel 2002 Heap-based memory corruption
12255| [53498] Microsoft Excel 2002 Stack-based memory corruption
12256| [53497] Microsoft Excel 2002 memory corruption
12257| [53496] Microsoft Excel 2002 memory corruption
12258| [53493] Microsoft Excel 2002/2003/2007 memory corruption
12259| [4133] Microsoft Office 2003/2007/Xp COM Object Instantiator memory corruption
12260| [53366] Microsoft ASP.NET 2.0 cross site scripting
12261| [53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
12262| [53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL memory corruption
12263| [53054] Microsoft VISIO 2002/2003/2007 VISIODWG.DLL memory corruption
12264| [4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
12265| [52777] Microsoft Publisher 2002/2003/2007 memory corruption
12266| [52773] Microsoft Visio 2002/2003/2007 memory corruption
12267| [52772] Microsoft Visio 2002/2003/2007 memory corruption
12268| [4107] Microsoft Windows 7/Server 2008 Kernel denial of service
12269| [4103] Microsoft Windows Server 2003 Media Services Stack-based memory corruption
12270| [52543] Microsoft Virtual PC 2007 unknown vulnerability
12271| [52148] Microsoft Office 2004/2008/2007 Uninitialized Memory memory corruption
12272| [52147] Microsoft Office 2004/2008/2007 Spreadsheet Uninitialized Memory memory corruption
12273| [52146] Microsoft Office 2004/2008/2007 Spreadsheet Heap-based memory corruption
12274| [52145] Microsoft Office 2004/2008/2007 Spreadsheet Heap-based memory corruption
12275| [52144] Microsoft Office 2004/2008/2007 Spreadsheet memory corruption
12276| [52143] Microsoft Office 2004/2008/2007 Spreadsheet memory corruption
12277| [4090] Microsoft Excel 2002/2003/2007 memory corruption
12278| [52036] Microsoft Windows 2000 MsgBox memory corruption
12279| [51995] Microsoft SharePoint Server up to 2006 cross site scripting
12280| [51810] Microsoft Office 2004/Xp MSO.DLL memory corruption
12281| [51802] Microsoft PowerPoint 2003 Stack-based memory corruption
12282| [51801] Microsoft PowerPoint 2003 Stack-based memory corruption
12283| [51800] Microsoft PowerPoint 2002/2003 Use-After-Free memory corruption
12284| [51799] Microsoft PowerPoint 2002/2003 memory corruption
12285| [51798] Microsoft PowerPoint 2002/2003 Heap-based memory corruption
12286| [4082] Microsoft Powerpoint 2002 memory corruption
12287| [54550] Microsoft PowerPoint 2007 rpawinet.dll memory corruption
12288| [54556] Microsoft Visio 2003 mfc71enu.dll unknown vulnerability
12289| [51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
12290| [51133] Microsoft Windows 2000 SP4/XP SP2/SP3/Server 2003 SP2 memory corruption
12291| [51074] Microsoft Office 2002/2003 Integer memory corruption
12292| [4069] Microsoft Project 2007/2003 Project Memory Validator memory corruption
12293| [50794] Microsoft Office 2004/2008 Spreadsheet memory corruption
12294| [50793] Microsoft Office 2004/2008 Spreadsheet memory corruption
12295| [50792] Microsoft Office 2004/2008 Spreadsheet memory corruption
12296| [50791] Microsoft Office 2004/2008 Spreadsheet memory corruption
12297| [50790] Microsoft Office 2004/2008 Spreadsheet Heap-based memory corruption
12298| [50788] Microsoft Office 2004/2008 Spreadsheet memory corruption
12299| [50787] Microsoft Office 2004/2008 Spreadsheet memory corruption
12300| [50786] Microsoft Windows 2000 llssrv.exe memory corruption
12301| [50789] Microsoft Office 2004/2008 Spreadsheet memory corruption
12302| [4056] Microsoft Word 2002/2003 File Information Block Parser Stack-based memory corruption
12303| [50660] Microsoft SharePoint Server 2007 unknown vulnerability
12304| [50443] Microsoft Office Powerpoint 2007 Integer memory corruption
12305| [50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 memory corruption
12306| [49866] Microsoft Windows Server 2003 memory corruption
12307| [4031] Microsoft Windows Vista/Server 2008 SMB Processor EducatedScholar memory corruption
12308| [4030] Microsoft Windows Vista/Server 2008 Wireless LAN AutoConfig Service Heap-based memory corruption
12309| [4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
12310| [49745] Microsoft Windows Server 2003 denial of service
12311| [49394] Microsoft Windows Server 2003 memory corruption
12312| [49198] Microsoft Visual Studio 2005 information disclosure
12313| [49047] Microsoft Virtual Server 2005 privilege escalation
12314| [49046] Microsoft Windows Server 2003 quartz.dll memory corruption
12315| [49045] Microsoft Windows Server 2003 quartz.dll memory corruption
12316| [49044] Microsoft ISA Server 2006 privilege escalation
12317| [3999] Microsoft Office 2007 Pointer memory corruption
12318| [4000] Microsoft Office 2003/Xp/Sp3 Web Components memory corruption
12319| [48894] Microsoft Windows Server 2003 msvidctl.dll memory corruption
12320| [48572] Microsoft Office Powerpoint 2002 FL21WIN.DLL memory corruption
12321| [48517] Microsoft Windows 2000 Memory Leak memory corruption
12322| [48516] Microsoft Windows Server 2008 unknown vulnerability
12323| [48512] Microsoft Windows Server 2008 unknown vulnerability
12324| [48515] Microsoft Office Word Viewer 2003 memory corruption
12325| [48514] Microsoft Office Word Viewer 2003 Stack-based memory corruption
12326| [48554] Microsoft Excel 2000/2003/2007 memory corruption
12327| [48157] Microsoft Office PowerPoint 2002 Sound memory corruption
12328| [48156] Microsoft Office PowerPoint 2000 Stack-based memory corruption
12329| [48154] Microsoft Office PowerPoint 2002 Sound PP7X32.DLL memory corruption
12330| [48152] Microsoft Office PowerPoint 2002 PP4X32.DLL memory corruption
12331| [48150] Microsoft Office PowerPoint 2002 Sound memory corruption
12332| [48147] Microsoft Office PowerPoint 2002 Sound memory corruption
12333| [48146] Microsoft Office PowerPoint 2002 Integer memory corruption
12334| [48155] Microsoft Office PowerPoint 2002 Notes Container Heap-based memory corruption
12335| [48153] Microsoft Office PowerPoint 2002 Sound memory corruption
12336| [48151] Microsoft Office PowerPoint 2002 Stack-based memory corruption
12337| [48149] Microsoft Office PowerPoint 2002 memory corruption
12338| [48148] Microsoft Office PowerPoint 2002 Sound memory corruption
12339| [3974] Microsoft Powerpoint 2000/2002/2003 Sound Data Stack-based memory corruption
12340| [3973] Microsoft Powerpoint 2000/2002/2003 Notes Container Stack-based memory corruption
12341| [3972] Microsoft Powerpoint 2000/2002/2003 BuildList memory corruption
12342| [3971] Microsoft Powerpoint 2000/2002/2003 Object Stack-based memory corruption
12343| [3970] Microsoft Powerpoint 2000/2002/2003 Paragraph Stack-based memory corruption
12344| [3969] Microsoft Powerpoint 2000/2002/2003 Atom Stack-based memory corruption
12345| [47719] Microsoft Windows 2000 Stack-based memory corruption
12346| [47720] Microsoft Internet Security And Acceleration Server 2006 Forms Authentication cookieauth.dll cross site scripting
12347| [47716] Microsoft Office Converter Pack 2003 WPFT632.CNV memory corruption
12348| [47715] Microsoft Windows 2000 Wordpad memory corruption
12349| [47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet memory corruption
12350| [3960] Microsoft Windows XP/2000/Server 2003 DirectShow MJPEG memory corruption
12351| [3952] Microsoft ISA Server 2004/2006 denial of service
12352| [3946] Microsoft PowerPoint 2004/2000/2002/2003 memory corruption
12353| [47091] Microsoft Windows Server 2008 unknown vulnerability
12354| [47090] Microsoft Windows Server 2008 unknown vulnerability
12355| [3939] Microsoft Windows 2000 DNS Designfehler
12356| [3938] Microsoft Windows 2000 SSL weak authentication
12357| [3937] Microsoft Windows 2000 memory corruption
12358| [3932] Microsoft Excel 2004/2000/2002/2003/2007 Object Reference Designfehler
12359| [46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe denial of service
12360| [46455] Microsoft Exchange Server 2007 denial of service
12361| [46454] Microsoft Exchange Server 2007 memory corruption
12362| [46453] Microsoft Visio 2002/2003/2007 memory corruption
12363| [46452] Microsoft Visio 2002/2003/2007 memory corruption
12364| [46451] Microsoft Visio 2002/2003/2007 memory corruption
12365| [46327] Microsoft Word 2007 information disclosure
12366| [45758] Microsoft Money 2006 ActiveX Control prtstb06.dll denial of service
12367| [45381] Microsoft Windows Vista SP1/Server 2008 Explorer memory corruption
12368| [45380] Microsoft Windows Vista SP1/Server 2008 Search memory corruption
12369| [45379] Microsoft Office SharePoint Server 2007 denial of service
12370| [3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
12371| [3892] Microsoft Excel 2000/2002/2003 Formula memory corruption
12372| [3891] Microsoft Excel 2000/2002/2003 memory corruption
12373| [3890] Microsoft Excel 2000/2002/2003 NAME Index memory corruption
12374| [3889] Microsoft Word 2000/2002/2003/2007 Table Property Stack-based memory corruption
12375| [3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet memory corruption
12376| [3887] Microsoft Word 2000/2002/2003/2007 memory corruption
12377| [3886] Microsoft Word 2000/2002/2003/2007 ControlWord Heap-based memory corruption
12378| [3885] Microsoft Word 2000/2002/2003/2007 memory corruption
12379| [3884] Microsoft Word 2000/2002/2003/2007 memory corruption
12380| [3883] Microsoft Word 2000/2002/2003/2007 RTF Heap-based memory corruption
12381| [3882] Microsoft Word 2000/2002/2003/2007 LFO memory corruption
12382| [3880] Microsoft Visual Basic up to 2003 ActiveX Control Mschrt20.ocx memory corruption
12383| [3879] Microsoft Visual Basic up to 2003 ActiveX Control mscomct2.ocx memory corruption
12384| [3878] Microsoft Visual Basic up to 2003 ActiveX Control mshflxgd.ocx memory corruption
12385| [3877] Microsoft Visual Basic up to 2003 ActiveX Control msflxgrd.ocx memory corruption
12386| [3876] Microsoft Visual Basic up to 2003 ActiveX Control msdatgrd.ocx memory corruption
12387| [45197] Microsoft Windows 2000 nskey.dll memory corruption
12388| [45063] Microsoft Windows Server 2003 Active Directory unknown vulnerability
12389| [45040] Microsoft .NET Framework 2.0.50727 Code Access Security unknown vulnerability
12390| [44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption
12391| [44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
12392| [44589] Microsoft Exchange Server 2003 Outlook Web Access unknown vulnerability
12393| [3845] Microsoft Windows 2000 SP4 Active Directory memory corruption
12394| [44533] Microsoft Windows 2000 mqsvc.exe memory corruption
12395| [3844] Microsoft Excel 2003 REPT memory corruption
12396| [3843] Microsoft Excel up to 2007 BIFF File Heap-based memory corruption
12397| [3842] Microsoft Excel 2003 VBA Performance Cache Stack-based Eingabeung\xC3\xBCltigkeit
12398| [44405] Microsoft Digital Image 2006 ActiveX Control PipPPush.DLL unknown vulnerability
12399| [44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption
12400| [43981] Microsoft Organization Chart 2.00 orgchart.exe memory corruption
12401| [43957] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
12402| [43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
12403| [43955] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
12404| [43952] Microsoft Office 2003/2007/Xp URI memory corruption
12405| [43676] Microsoft Windows XP/Vista/2000/Server 2003 memory corruption
12406| [43675] Microsoft Windows XP/Vista/2000/Server 2003 of memory corruption
12407| [43662] Microsoft Office Powerpoint Viewer up to 2003 memory corruption
12408| [43661] Microsoft Office Powerpoint Viewer 2003 memory corruption
12409| [43660] Microsoft Office Powerpoint Viewer 2003 Integer memory corruption
12410| [43657] Microsoft Office 2000/2003/Xp memory corruption
12411| [43654] Microsoft SharePoint Server 2007 memory corruption
12412| [43653] Microsoft Office 2000/2002/2004/2008 memory corruption
12413| [43652] Microsoft Office 2000/2002/2003/2004/2008 memory corruption
12414| [3797] Microsoft Windows Vista/Server 2008 IPsec Policy Designfehler
12415| [3796] Microsoft Office 2000 WPG memory corruption
12416| [3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT memory corruption
12417| [3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel memory corruption
12418| [3793] Microsoft Office 2000/2003/Xp PICT memory corruption
12419| [3792] Microsoft Office 2000 EPS File memory corruption
12420| [3783] Microsoft Word 2002 memory corruption
12421| [43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
12422| [43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS Cache privilege escalation
12423| [3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
12424| [3777] Microsoft Windows Vista SP1/Server 2008 Explorer memory corruption
12425| [43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx memory corruption
12426| [43096] Microsoft Publisher 2003/2007 Crypto API unknown vulnerability
12427| [42816] Microsoft Word 2000/2003 memory corruption
12428| [42732] Microsoft Windows XP/Vista/Server 2003 denial of service
12429| [42731] Microsoft Windows Server 2003 denial of service
12430| [3732] Microsoft Windows 2000/Server 2003 WINS memory corruption
12431| [3701] Microsoft Word 2003 CSS Heap-based memory corruption
12432| [3700] Microsoft Word 2003 RTF Document Heap-based memory corruption
12433| [42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting
12434| [41881] Microsoft Office 2003/2007/2007 Sp1/Xp memory corruption
12435| [41880] Microsoft Project 2000/2002/2003 memory corruption
12436| [41879] Microsoft Windows 2000/Server 2003/Vista Stack-based memory corruption
12437| [41878] Microsoft Windows 2000/Server 2003/Vista spoofing
12438| [41877] Microsoft Windows Server 2003 vbscript.dll memory corruption
12439| [3671] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 memory corruption
12440| [3670] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 Object memory corruption
12441| [41455] Microsoft Office 2000/2003/2004/Xp memory corruption
12442| [41454] Microsoft Excel 2000/2002/2003/2007 memory corruption
12443| [41453] Microsoft Excel 2000/2002/2003 memory corruption
12444| [41452] Microsoft Excel 2000/2002/2003/2007 memory corruption
12445| [41451] Microsoft Excel 2000/2002/2003 memory corruption
12446| [41450] Microsoft Excel 2000 memory corruption
12447| [41449] Microsoft Excel 2000/2002/2003 memory corruption
12448| [41448] Microsoft Office 2000/Xp Office Web Components memory corruption
12449| [3648] Microsoft Excel 2003 memory corruption
12450| [3647] Microsoft Outlook up to 2007 mailto URI memory corruption
12451| [41003] Microsoft Office 2000/2003/2004/Xp memory corruption
12452| [41002] Microsoft Office 2000/2003/Xp memory corruption
12453| [41001] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
12454| [41000] Microsoft Works 2005/8.0 memory corruption
12455| [40998] Microsoft Publisher 2000/2002/2003 memory corruption
12456| [40994] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
12457| [40987] Microsoft Windows 2000 denial of service
12458| [40736] Microsoft ActiveX 2.0 ActiveX Control privilege escalation
12459| [3552] Microsoft Excel 2000/2002/2003 File memory corruption
12460| [40242] Microsoft Publisher 2000/2002/2003/2007 Crash denial of service
12461| [40020] Microsoft Office 2007 ZIP Container unknown vulnerability
12462| [39769] Microsoft Windows 2000 cryptgenrandom weak encryption
12463| [39749] Microsoft Windows 2000 msjet40.dll memory corruption
12464| [39655] Microsoft Windows Server 2003 spoofing
12465| [39324] Microsoft Windows Mobile 2005 SMS unknown vulnerability
12466| [3373] Microsoft Word 2000/2002 memory corruption
12467| [38999] Microsoft Windows Server 2003 explorer.exe denial of service
12468| [38899] Microsoft ISA Server 2004 information disclosure
12469| [38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption
12470| [38326] Microsoft Windows 2000 attemptwrite memory corruption
12471| [3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
12472| [3223] Microsoft Windows XP/Server 2003 URI Eingabeung\xC3\xBCltigkeit
12473| [3212] Microsoft DirectX February 2006 RLE Compression Targa Files Heap-based memory corruption
12474| [37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption
12475| [37738] Microsoft Office 2002/2003 memory corruption
12476| [3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
12477| [3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
12478| [3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
12479| [3172] Microsoft Office Publisher 2007 Pointer memory corruption
12480| [37566] Microsoft Excel 2003 unknown vulnerability
12481| [37526] Microsoft Windows 2000/Server 2003 denial of service
12482| [37248] Microsoft Visio 2002 Packaging memory corruption
12483| [37251] Microsoft Windows 2000 memory corruption
12484| [3119] Microsoft Visio 2002 Object memory corruption
12485| [3118] Microsoft Visio 2002 Data memory corruption
12486| [37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
12487| [37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption
12488| [36628] Microsoft Word 2000/2002/2003/2004 winword.exe memory corruption
12489| [36616] Microsoft Works 2004/2005/2006 memory corruption
12490| [36621] Microsoft Exchange Server 2000 Integer denial of service
12491| [36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
12492| [36619] Microsoft Exchange Server 2000/2003/2007 memory corruption
12493| [36618] Microsoft Exchange Server 2000 NULL Pointer Dereference denial of service
12494| [36617] Microsoft Excel 2000/2002/2003/2004 memory corruption
12495| [36623] Microsoft BizTalk Server 2004 ActiveX Control capicom.dll memory corruption
12496| [3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object memory corruption
12497| [3065] Microsoft Excel 2000/2002/2003/2007 Filter Stack-based memory corruption
12498| [3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
12499| [3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record Stack-based memory corruption
12500| [3012] Microsoft Windows 2000/Server 2003 DNS Service Stack-based memory corruption
12501| [36039] Microsoft Content Management Server 2001 memory corruption
12502| [36052] Microsoft Windows 2000 Heap-based memory corruption
12503| [36051] Microsoft Word 2007 file798-1.doc memory corruption
12504| [36050] Microsoft Word 2007 file789-1.doc memory corruption
12505| [36040] Microsoft Content Management Server 2001 cross site scripting
12506| [3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
12507| [36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting
12508| [2990] Microsoft Windows 2000/XP/Vista Animated Cursor Stack-based memory corruption
12509| [36515] Microsoft Windows 2000/XP/Server 2003 memory corruption
12510| [35846] Microsoft Windows 2000/Server 2003 Default Configuration information disclosure
12511| [35373] Microsoft Excel 2003 denial of service
12512| [35372] Microsoft Office 2003 denial of service
12513| [35206] Microsoft Windows XP/Server 2003 Crash denial of service
12514| [35161] Microsoft ISA Server 2004 unknown vulnerability
12515| [35236] Microsoft Publisher 2007 memory corruption
12516| [2939] Microsoft Word 2000 memory corruption
12517| [34994] Microsoft Windows 2000 OLE Dialog memory corruption
12518| [34993] Microsoft Office 2000/2003/Xp memory corruption
12519| [35001] Microsoft Office 2000/2003/2004/Xp memory corruption
12520| [35000] Microsoft Word 2000/2002/2003 memory corruption
12521| [2933] Microsoft Windows XP SP2/2000 SP4/Server 2003 SP1 OLE Dialog Stack-based memory corruption
12522| [2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
12523| [2884] Microsoft Word 2000/2002/2003 memory corruption
12524| [34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet Heap-based memory corruption
12525| [34320] Microsoft Office 2000/2003/2004/Xp memory corruption
12526| [34319] Microsoft Office 2000/2003/2004/Xp memory corruption
12527| [34318] Microsoft Office 2000/2003/2004/Xp memory corruption
12528| [34322] Microsoft Office 2000/2003/Xp memory corruption
12529| [2811] Microsoft Windows 2000/XP/Server 2003 VML Vector Markup Language Integer memory corruption
12530| [2810] Microsoft Outlook 2000/2002/2003 Office Saved Search OSS File memory corruption
12531| [2809] Microsoft Outlook 2000/2002/2003 Header denial of service
12532| [2808] Microsoft Outlook 2000/2002/2003 Meeting VEVENT memory corruption
12533| [2807] Microsoft Excel 2000/2002/2003 XLS File memory corruption
12534| [34126] Microsoft Office 2003 memory corruption
12535| [34122] Microsoft Office Web Components 2000 memory corruption
12536| [2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum() denial of service
12537| [2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
12538| [33851] Microsoft Word 2000/2002/2003 12122006-djtest.doc memory corruption
12539| [2739] Microsoft Windows 2000 Remote Installation Service Fehlende Authentifizierung
12540| [2738] Microsoft Windows 2000/XP/Server 2003 SNMP memory corruption
12541| [2737] Microsoft Windows XP/Server 2003 Manifest denial of service
12542| [33766] Microsoft Word 2000/2002/2003 memory corruption
12543| [2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
12544| [2717] Microsoft Windows 2000 Print Spooler Memory Consumption denial of service
12545| [2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
12546| [2688] Microsoft Windows 2000/XP/Server 2003 Client Service for Netware denial of service
12547| [2687] Microsoft Windows 2000/XP/Server 2003 Agent ActiveX ACF File Heap-based memory corruption
12548| [2686] Microsoft Windows 2000/XP/Server 2003 Client Service for Netware memory corruption
12549| [2684] Microsoft Windows 2000/XP Workstation Service Stack-based memory corruption
12550| [2659] Microsoft Windows 2000/XP GDI Crash Designfehler
12551| [2655] Microsoft Windows 2000/XP/Server 2003 XML Core Services Designfehler
12552| [33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption
12553| [2610] Microsoft PowerPoint 2003 PPT Document NULL Pointer Dereference denial of service
12554| [32693] Microsoft Word 2004 memory corruption
12555| [32686] Microsoft Office 2000/2001/2003/2004 Integer memory corruption
12556| [32690] Microsoft Office 2000/2003/2004/Xp memory corruption
12557| [32676] Microsoft Office 2000/2001/2003/2004 memory corruption
12558| [32675] Microsoft Office 2000/2003/2004/Xp memory corruption
12559| [32694] Microsoft Windows 2000 memory corruption
12560| [32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
12561| [32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
12562| [32687] Microsoft Word 2000/2002 memory corruption
12563| [32685] Microsoft Office 2000/2001/2003/2004 memory corruption
12564| [2601] Microsoft Windows XP/Server 2003 IPv6 Stack denial of service
12565| [2600] Microsoft Windows XP/Server 2003 IPv6 Stack TCP denial of service
12566| [2599] Microsoft Windows XP/Server 2003 IPv6 Stack ICMP denial of service
12567| [2598] Microsoft Windows XP/Server 2003 Object Packager Designfehler
12568| [2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
12569| [2596] Microsoft Office 2000/2003/2004/Xp Value Read memory corruption
12570| [2595] Microsoft Office 2000/2001/2003/2004 Diagram Value memory corruption
12571| [2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
12572| [2593] Microsoft ASP.NET 2.0 cross site scripting
12573| [2571] Microsoft PowerPoint up to 2003 Document memory corruption
12574| [2554] Microsoft PowerPoint 2000 memory corruption
12575| [2522] Microsoft Windows 2000/XP/Server 2003 Indexing Service cross site scripting
12576| [2521] Microsoft Publisher 2000/2002/2003 PUB File Stack-based memory corruption
12577| [2508] Microsoft Word 2000 memory corruption
12578| [2478] Microsoft Internet Explorer up to 6 on Win 2000 HTTP 1.1 Compression Heap-based memory corruption
12579| [31692] Microsoft PowerPoint 2000/2001/2002/2003 memory corruption
12580| [2436] Microsoft Windows 2000/XP/Server 2003 Kernel memory corruption
12581| [2435] Microsoft Windows 2000/XP/Server 2003 Exception memory corruption
12582| [2434] Microsoft Windows 2000/XP/Server 2003 Winlogon race condition
12583| [2433] Microsoft Windows 2000 Management Console cross site scripting
12584| [2432] Microsoft Windows 2000/XP/Server 2003 DNS Resolver Heap-based memory corruption
12585| [2431] Microsoft Windows 2000/XP/Server 2003 Winsock API memory corruption
12586| [2430] Microsoft Windows 2000/XP/Server 2003 RPC ELV memory corruption
12587| [2426] Microsoft Windows 2000/XP/Server 2003 WMF File gdi32.dll denial of service
12588| [2415] Microsoft Windows 2000/XP/Server 2003 SMB File srv.sys denial of service
12589| [31527] Microsoft Internet Explorer 6.0 on Win 2000 ActiveX Object Stack-Based denial of service
12590| [31358] Microsoft PowerPoint 2003 powerpnt.exe denial of service
12591| [31354] Microsoft PowerPoint 2003 memory corruption
12592| [31351] Microsoft ISA Server 2004 Filters unknown vulnerability
12593| [2382] Microsoft PowerPoint up to 2003 Presentation Open/Close memory corruption
12594| [2378] Microsoft PowerPoint 2000/2002/2003 Document Parser memory corruption
12595| [31318] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
12596| [31317] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
12597| [31316] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
12598| [31313] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
12599| [31312] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
12600| [31311] Microsoft Excel 2000/2002/2003/XP memory corruption
12601| [31310] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
12602| [31237] Microsoft Office 2000/2003/Xp memory corruption
12603| [31235] Microsoft Office 2000/2003/Xp memory corruption
12604| [2371] Microsoft NET Framework up to 2.0 URL Validator unknown vulnerability
12605| [2370] Microsoft Windows 2000/XP/Server 2003 Server Protocol Driver Server Message Block Heap-based memory corruption
12606| [2369] Microsoft Windows 2000/XP/Server 2003 Server Service Mailslot Heap-based memory corruption
12607| [2367] Microsoft Office 2000/2003/XP Document String memory corruption
12608| [2366] Microsoft Windows 2000/XP/Server 2003 DHCP Client memory corruption
12609| [2365] Microsoft Office 2000/2003/XP PNG Image memory corruption
12610| [2364] Microsoft Office 2000/2003/XP GIF Image memory corruption
12611| [31233] Microsoft Office 2000/2003/Xp mso.dll lscreateline memory corruption
12612| [31238] Microsoft Internet Explorer 6.0 on Win 2000 Crash denial of service
12613| [2357] Microsoft Excel up to 2003 on Asian System Document Repair Style memory corruption
12614| [31133] Microsoft Windows XP/Server 2003 explorer.exe memory corruption
12615| [2325] Microsoft Excel up to 2003 Hyperlink hlink.dll Long Hyperlink memory corruption
12616| [2324] Microsoft Excel 2000/2002/2003/2004 XLS File memory corruption
12617| [30801] Microsoft Windows up to 2000 Connection Manager Stack-based memory corruption
12618| [2312] Microsoft Exchange 2000 Outlook Web Access cross site scripting
12619| [2311] Microsoft Windows 2000/XP/Server 2003 MRXSMB.SYS MRxSmbCscIoctlOpenForCopyChunk memory corruption
12620| [2310] Microsoft Windows 2000 RPC spoofing
12621| [2309] Microsoft Windows 2000/XP/Server 2003 Routing and Remote Access Service RPC Request memory corruption
12622| [2308] Microsoft PowerPoint 2000/2002/2003/2004 PPT Document memory corruption
12623| [2307] Microsoft Windows 2000/XP/Server 2003 JScript Object memory corruption
12624| [2306] Microsoft Windows 2000/XP/Server 2003 IP Source Routing memory corruption
12625| [2305] Microsoft Windows XP/Server 2003 ART Image Heap-based memory corruption
12626| [2294] Microsoft Word up to 2003 DOC Document Backdoor Designfehler
12627| [2275] Microsoft Windows XP/Server 2003 mhtml URI inetcomm.dll memory corruption
12628| [2253] Microsoft Word up to 2003 Backdoor memory corruption
12629| [2221] Microsoft Windows 2000/XP CHM Archive itss.dll memory corruption
12630| [30131] Microsoft Windows NT 4.0/XP/2000/Server 2003 Distributed Transaction Coordinator Crash denial of service
12631| [2218] Microsoft Windows 2000/XP/Server 2003 MSDTC Heap-based denial of service
12632| [2217] Microsoft Exchange 2000/2003 Calender Collaboration Data Object memory corruption
12633| [2190] Microsoft Office 2003 mailto URI unknown vulnerability
12634| [2147] Microsoft Windows 2000/XP/Server 2003 COM Object memory corruption
12635| [2135] Microsoft FrontPage Server Extensions 2002 cross site scripting
12636| [29524] Microsoft ISA Server 2004 unknown vulnerability
12637| [134750] Microsoft ASP.NET Core 2.1/2.2 denial of service
12638| [134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
12639| [134744] Microsoft Windows up to Server 2019 GDI information disclosure
12640| [134743] Microsoft SharePoint Server 2013 SP1/2016 cross site scripting
12641| [134742] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
12642| [134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
12643| [134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
12644| [134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 cross site scripting
12645| [134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
12646| [134737] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
12647| [134736] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
12648| [134735] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
12649| [134734] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
12650| [134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
12651| [134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
12652| [134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
12653| [134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12654| [134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12655| [134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12656| [134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12657| [134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12658| [134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12659| [134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12660| [134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12661| [134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12662| [134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12663| [134715] Microsoft Windows up to Server 2019 Win32k memory corruption
12664| [134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12665| [134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12666| [134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12667| [134710] Microsoft Windows up to Server 2019 GDI information disclosure
12668| [134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
12669| [134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
12670| [134704] Microsoft SQL Server 2017 Analysis Services information disclosure
12671| [134701] Microsoft Windows up to Server 2019 Windows Defender Application Control privilege escalation
12672| [134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
12673| [134699] Microsoft Windows up to Server 2019 NDIS ndis.sys memory corruption
12674| [134698] Microsoft Windows up to Server 2019 OLE memory corruption
12675| [134697] Microsoft Office/Word 2016/2019/365 ProPlus memory corruption
12676| [134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
12677| [134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
12678| [133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12679| [133235] Microsoft Azure DevOps Server 2019 privilege escalation
12680| [133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12681| [133232] Microsoft Azure DevOps Server 2019 cross site scripting
12682| [133229] Microsoft Azure DevOps Server 2019 cross site scripting
12683| [133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
12684| [133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation
12685| [133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
12686| [133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12687| [133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
12688| [133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
12689| [133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12690| [133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12691| [133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
12692| [133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
12693| [133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
12694| [133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
12695| [133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
12696| [133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
12697| [133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
12698| [133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
12699| [133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
12700| [133204] Microsoft Office/Excel up to 2019 memory corruption
12701| [133203] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
12702| [133202] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
12703| [133201] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
12704| [133200] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
12705| [133199] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
12706| [133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access cross site scripting
12707| [133197] Microsoft ASP.NET Core 2.2 Request denial of service
12708| [133196] Microsoft Windows up to Server 2019 Win32k information disclosure
12709| [133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
12710| [133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
12711| [133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
12712| [133192] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
12713| [133189] Microsoft Windows up to Server 2019 CSRSS memory corruption
12714| [133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
12715| [133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
12716| [133186] Microsoft Windows up to Server 2019 TCP/IP Stack Fragmented IP Packet information disclosure
12717| [133185] Microsoft Windows up to Server 2019 Win32k memory corruption
12718| [133184] Microsoft Office 2016 for Mac/2019/365 ProPlus Graphics Component memory corruption
12719| [133183] Microsoft Windows up to Server 2019 Win32k memory corruption
12720| [133182] Microsoft Windows up to Server 2019 Win32k memory corruption
12721| [133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Document Code Execution
12722| [133180] Microsoft Windows up to Server 2019 MS XML Code Execution
12723| [133179] Microsoft Windows up to Server 2019 MS XML Code Execution
12724| [133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys privilege escalation
12725| [133174] Microsoft Windows up to Server 2019 GDI+ privilege escalation
12726| [133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
12727| [133166] Microsoft Windows up to Server 2019 MS XML Code Execution
12728| [133165] Microsoft Windows up to Server 2019 MS XML Code Execution
12729| [133164] Microsoft Windows up to Server 2019 MS XML Code Execution
12730| [133163] Microsoft Windows up to Server 2019 MS XML Code Execution
12731| [133162] Microsoft Windows up to Server 2019 MS XML Code Execution
12732| [131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
12733| [131685] Microsoft Windows up to Server 2019 SMB information disclosure
12734| [131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
12735| [131681] Microsoft Windows up to Server 2019 Win32k memory corruption
12736| [131679] Microsoft Windows up to Server 2019 Kernel information disclosure
12737| [131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
12738| [131674] Microsoft Windows up to Server 2019 Win32k information disclosure
12739| [131673] Microsoft Windows up to Server 2019 Kernel information disclosure
12740| [131672] Microsoft Windows up to Server 2019 GDI information disclosure
12741| [131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
12742| [131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
12743| [131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
12744| [131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
12745| [131658] Microsoft Windows up to Server 2019 information disclosure
12746| [131657] Microsoft Windows up to Server 2019 denial of service
12747| [131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
12748| [131653] Microsoft Windows up to Server 2019 SMB information disclosure
12749| [131652] Microsoft Windows up to Server 2019 SMB information disclosure
12750| [131651] Microsoft Windows up to Server 2019 Kernel information disclosure
12751| [131650] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 Hyper-V denial of service
12752| [131649] Microsoft Windows up to Server 2019 Kernel memory corruption
12753| [131648] Microsoft Windows up to Server 2019 Hyper-V denial of service
12754| [131644] Microsoft Windows up to Server 2019 Hyper-V denial of service
12755| [131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12756| [131632] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DHCP Client memory corruption
12757| [131631] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DHCP Client memory corruption
12758| [131630] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DHCP Client memory corruption
12759| [131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
12760| [131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
12761| [131619] Microsoft Windows up to Server 2019 MS XML privilege escalation
12762| [131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
12763| [131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
12764| [131330] Microsoft Exchange Server 2010 SP3 UR26/2013 CU22/2016 CU12/2019 CU1 privilege escalation
12765| [131329] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016 information disclosure
12766| [131328] Microsoft Windows up to Server 2016 Kernel information disclosure
12767| [130832] Microsoft 2013 SP1 spoofing
12768| [130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
12769| [130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
12770| [130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
12771| [130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
12772| [130823] Microsoft Office up to 2019 Connectivity Engine privilege escalation
12773| [130822] Microsoft Office up to 2019 Connectivity Engine privilege escalation
12774| [130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
12775| [130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
12776| [130818] Microsoft Windows up to Server 2019 GDI information disclosure
12777| [130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
12778| [130814] Microsoft Windows up to Server 2019 privilege escalation
12779| [130809] Microsoft Windows up to Server 2019 Defender Firewall Security privilege escalation
12780| [130808] Microsoft Windows up to Server 2019 information disclosure
12781| [130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
12782| [130806] Microsoft Windows up to Server 2019 SMB privilege escalation
12783| [130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
12784| [130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
12785| [130803] Microsoft Windows up to Server 2019 SMB privilege escalation
12786| [130802] Microsoft Windows up to Server 2019 Win32k information disclosure
12787| [130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
12788| [130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12789| [130799] Microsoft Windows up to Server 2016 Win32k memory corruption
12790| [130798] Microsoft Windows up to Server 2019 GDI information disclosure
12791| [130797] Microsoft Windows up to Server 2019 GDI information disclosure
12792| [130796] Microsoft Windows up to Server 2019 GDI information disclosure
12793| [130793] Microsoft Windows up to Server 2019 GDI information disclosure
12794| [130792] Microsoft Windows up to Server 2019 HID information disclosure
12795| [130791] Microsoft Windows up to Server 2019 HID information disclosure
12796| [130790] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
12797| [130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12798| [130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12799| [130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12800| [130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12801| [130785] Microsoft Office 2010 SP2/2013 SP1/2016/2019/365 ProPlus Security Feature Phishing spoofing
12802| [130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
12803| [130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
12804| [130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
12805| [129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
12806| [129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
12807| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
12808| [128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct privilege escalation
12809| [128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
12810| [128762] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus Word memory corruption
12811| [128761] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
12812| [128760] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
12813| [128759] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
12814| [128758] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
12815| [128757] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
12816| [128756] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
12817| [128755] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
12818| [128754] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
12819| [128753] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
12820| [128752] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
12821| [128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
12822| [128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
12823| [128749] Microsoft Windows up to Server 2019 Kernel information disclosure
12824| [128747] Microsoft ASP.NET Core 2.1 Web Request denial of service
12825| [128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
12826| [128745] Microsoft Office up to 2019 Word Macro information disclosure
12827| [128744] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus information disclosure
12828| [128743] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus information disclosure
12829| [128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
12830| [128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
12831| [128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
12832| [128739] Microsoft Windows up to Server 2019 Kernel information disclosure
12833| [128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
12834| [128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
12835| [128736] Microsoft Windows up to Server 2019 Kernel information disclosure
12836| [128735] Microsoft ASP.NET Core 2.1/2.2 Web Request denial of service
12837| [128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
12838| [128732] Microsoft Office 2010 SP2/2013 SP1/2016/2019/365 ProPlus MSHTML Engine privilege escalation
12839| [128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
12840| [128728] Microsoft Windows up to Server 2019 Kernel information disclosure
12841| [128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
12842| [128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
12843| [128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
12844| [128718] Microsoft Windows up to Server 2019 Hyper-V memory corruption
12845| [128717] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 Hyper-V memory corruption
[127925] Microsoft SharePoint Enterprise Server 2016 Web Request cross site scripting
[127882] Microsoft Dynamics NAV 2016/2017 Web Request cross site scripting
[127881] Microsoft Windows 10 1809/Server 2019 Object denial of service
[127880] Microsoft Windows up to Server 2019 Win32k Object memory corruption
[127828] Microsoft Windows up to Server 2019 Win32k memory corruption
[127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
[127826] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 Win32k ASLR privilege escalation
[127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
[127824] Microsoft Excel up to 2019 Out-of-Bounds memory corruption
[127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
[127821] Microsoft Windows up to Server 2019 Connected User Experiences and Telemetry Service denial of service
[127820] Microsoft Windows up to Server 2019 Kernel memory corruption
[127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data privilege escalation
[127817] Microsoft Excel up to 2019 information disclosure
[127816] Microsoft Windows up to Server 2019 GDI information disclosure
[127815] Microsoft Windows up to Server 2019 GDI information disclosure
[127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search cross site request forgery
[127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
[127809] Microsoft PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/365 ProPlus memory corruption
[127806] Microsoft Outlook up to 2019 memory corruption
[127805] Microsoft Excel up to 2019 memory corruption
[127804] Microsoft Excel up to 2019 memory corruption
[127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
[127801] Microsoft Windows up to Server 2019 DNS Server privilege escalation
[126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 Code Execution
[126755] Microsoft .NET Core 2.1 privilege escalation
[126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji denial of service
[126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
[126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
[126748] Microsoft Office 2019/365 ProPlus Outlook Message information disclosure
[126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
[126746] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
[126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
[126744] Microsoft Office up to 2019 Word memory corruption
[126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
[126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
[126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
[126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
[126736] Microsoft Windows up to Server 2019 Win32k memory corruption
[126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
[126734] Microsoft Office 2019/365 ProPlus information disclosure
[126733] Microsoft Windows 10 1803/10 1809/Server 2019/Server 1803 DirectX memory corruption
[126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
[126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
[126727] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
[126726] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
[126725] Microsoft Windows up to Server 2019 DirectX memory corruption
[126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
[126718] Microsoft Windows up to Server 2016 Search memory corruption
[126717] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016/2019 memory corruption
[126716] Microsoft Office up to 2019 Excel memory corruption
[126715] Microsoft Office 2016/2019/365 ProPlus Excel memory corruption
[126714] Microsoft Windows up to Server 2019 PowerShell unknown vulnerability
[126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
[126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
[126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
[125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
[125122] Microsoft Windows up to Server 2016 TCP/IP information disclosure
[125121] Microsoft Windows up to Server 2019 DirectX memory corruption
[125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
[125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
[125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
[125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
[125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
[125113] Microsoft Windows up to Server 2019 Kernel memory corruption
[125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy privilege escalation
[125110] Microsoft Windows up to Server 2019 DNS Global Blocklist privilege escalation
[125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
[125108] Microsoft Windows up to Server 2019 Filter Manager memory corruption
[125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[125104] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
[125100] Microsoft Office/Powerpoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
[125099] Microsoft Office/Excel up to 2019 Protected View memory corruption
[125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
[125097] Microsoft Windows up to Server 2019 DirectX Graphics memory corruption
[125096] Microsoft Windows up to Server 2019 Win32k memory corruption
[125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access cross site scripting
[125093] Microsoft Windows up to Server 2019 Hyper-V memory corruption
[125092] Microsoft Windows up to Server 2019 Hyper-V memory corruption
[125091] Microsoft Windows up to Server 2019 MS XML privilege escalation
[124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx Parameter Server-Side Request Forgery
[124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls Server-Side Request Forgery
[123995] Microsoft Lync 2011 on Mac Security Feature Messages Download privilege escalation
[123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
[123874] Microsoft Windows up to Server 2016 Kernel information disclosure
[123872] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 SMB information disclosure
[123868] Microsoft Windows up to Server 2016 Hyper-V denial of service
[123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
[123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2013 RT SP1/2016 cross site scripting
[123861] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R information disclosure
[123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
[123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
[123849] Microsoft Windows up to Server 2016 SMB denial of service
[123846] Microsoft Office 2016 on Win/Mac memory corruption
[123844] Microsoft Word 2013 SP1/2013 RT SP1/2016 PDF File memory corruption
[123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[123830] Microsoft Windows up to Server 2016 Hyper-V memory corruption
[123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
[123827] Microsoft Windows up to Server 2016 Image memory corruption
[123825] Microsoft Windows up to Server 2016 MSXML Parser privilege escalation
[123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
[122887] Microsoft Office 2016 on Mac AutoUpdate memory corruption
[122886] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
[122885] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
[122884] Microsoft Windows up to Server 2016 Win32k memory corruption
[122883] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
[122875] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R information disclosure
[122874] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
[122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
[122872] Microsoft SharePoint Enterprise Server 2013 SP1/2016 information disclosure
[122871] Microsoft PowerPoint 2010 SP2 memory corruption
[122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
[122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
[122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
[122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
[122848] Microsoft Windows Security Feature 2FA weak authentication
[122834] Microsoft Windows up to Server 2016 LNK memory corruption
[122825] Microsoft Windows up to Server 2016 Graphics memory corruption
[122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
[121208] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R Attachment privilege escalation
[121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
[121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
[121111] Microsoft Windows up to Server 2016 Kernel memory corruption
[121110] Microsoft Windows up to Server 2016 Wordpad privilege escalation
[121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll denial of service
[121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
[121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[121098] Microsoft Office 2016/2016 C2R memory corruption
[121092] Microsoft Windows up to Server 2016 FTP Server denial of service
[121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
[119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
[119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
[119476] Microsoft Publisher 2010 SP2 OLE Object PUB File privilege escalation
[119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
[119474] Microsoft Windows up to Server 2016 GDI information disclosure
[119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys denial of service
[119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
[119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
[119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
[119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
[119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
[119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
[119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
[119459] Microsoft Windows up to Server 2016 memory corruption
[119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
[119456] Microsoft Windows up to Server 2016 Kernel information disclosure
[119455] Microsoft Windows up to Server 2016 denial of service
[119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
[119452] Microsoft Windows up to Server 2016 HIDParser memory corruption
[119448] Microsoft Windows up to Server 2016 Code Integrity Module denial of service
[119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
[119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
[119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys memory corruption
[119436] Microsoft Windows up to Server 2016 memory corruption
[119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
[118120] Microsoft Office 2016 on Mac XML Data Code Execution
[117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 Web Request cross site scripting
[117560] Microsoft Exchange Server up to 2016 CU9 Code Execution memory corruption
[117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access Web Request cross site scripting
[117558] Microsoft Windows up to Server 2016 Code Execution memory corruption
[117507] Microsoft Infopath 2013 SP1 memory corruption
[117505] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R information disclosure
[117504] Microsoft Office 2010 SP2 information disclosure
[117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access cross site scripting
[117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
[117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access cross site scripting
[117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
[117498] Microsoft Office 2016 C2R Security Feature privilege escalation
[117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
[117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
[117473] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
[117472] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
[117471] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
[117470] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
[117469] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
[117468] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
[117444] Microsoft Windows up to Server 2016 Hyper-V vSMB memory corruption
[117443] Microsoft Windows up to Server 2016 Hyper-V memory corruption
[117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
[116132] Microsoft Office 2016 Memory information disclosure
[116051] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 cross site scripting
[116049] Microsoft SharePoint Enterprise Server 2013/2016 privilege escalation
[116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem memory corruption
[116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll memory corruption
[116046] Microsoft SharePoint Enterprise Server 2013/2016 Share cross site scripting
[116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol denial of service
[116031] Microsoft Windows up to Server 2016 Kernel ASLR information disclosure
[116030] Microsoft Windows up to Server 2016 SNMP Service denial of service
[116026] Microsoft Windows up to Server 2016 Kernel information disclosure
[116024] Microsoft Windows up to Server 2016 HTTP.sys denial of service
[116023] Microsoft Office up to 2016 C2R information disclosure
[116022] Microsoft Excel 2010 SP2 memory corruption
[116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 2016/Server 1709 Active Directory privilege escalation
[116019] Microsoft Windows up to Server 2016 Kernel information disclosure
[116018] Microsoft Office 2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
[116017] Microsoft Excel up to 2016 C2R memory corruption
[116016] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 Graphics memory corruption
[116014] Microsoft Office 2013 SP1/2013 RT SP1/2016/2016 C2R memory corruption
[116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
[116008] Microsoft Windows up to Server 2016 Graphics memory corruption
[116007] Microsoft Windows up to Server 2016 Graphics memory corruption
[116006] Microsoft Windows up to Server 2016 Graphics memory corruption
[116005] Microsoft Windows up to Server 2016 Graphics memory corruption
[116004] Microsoft Windows up to Server 2016 Graphics memory corruption
[116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
[115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[115804] Microsoft Windows up to Server 2016 Malware Protection Engine privilege escalation
[114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
[114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
[114573] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
[114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake privilege escalation
[114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 2016/Server 1709 Kernel information disclosure
[114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[114562] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[114560] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[114559] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[114558] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[114557] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[114556] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[114555] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[114554] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[114553] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[114552] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[114551] Microsoft Excel up to 2016 C2R Security Feature privilege escalation
[114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
[114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys privilege escalation
[114547] Microsoft Windows up to Server 2016 Kernel information disclosure
[114546] Microsoft Windows up to Server 2016 Kernel information disclosure
[114545] Microsoft Windows up to Server 2016 Kernel information disclosure
[114544] Microsoft Windows up to Server 2016 Kernel information disclosure
[114543] Microsoft Windows up to Server 2016 Kernel information disclosure
[114542] Microsoft Windows up to Server 2016 Kernel information disclosure
[114541] Microsoft Windows up to Server 2016 Kernel information disclosure
[114540] Microsoft Windows up to Server 2016 Kernel information disclosure
[114536] Microsoft Windows up to Server 2016 CredSSP privilege escalation
[114535] Microsoft Windows up to Server 2016 Hyper-V denial of service
[114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
[114530] Microsoft Windows up to Server 2016 GDI privilege escalation
[114529] Microsoft Windows up to Server 2016 GDI privilege escalation
[114527] Microsoft Windows up to Server 2016 Kernel information disclosure
[114526] Microsoft Windows up to Server 2016 Kernel information disclosure
[114525] Microsoft Windows up to Server 2016 Kernel information disclosure
[114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
[114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
[114520] Microsoft Windows 10/Server 2016/Server 1709 Desktop Bridge privilege escalation
[114518] Microsoft Windows up to Server 2016 Remote Assistance information disclosure
[114517] Microsoft Windows 10/Server 2016/Server 1709 Desktop Bridge VFS privilege escalation
[114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
[113835] Microsoft Identity Manager 2016 SP1 cross site scripting
[113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
[113260] Microsoft Windows up to Server 2016 Kernel memory corruption
[113259] Microsoft Windows 10/Server 2016/Server 1709 NTFS privilege escalation
[113254] Microsoft Windows up to Server 2016 Kernel information disclosure
[113253] Microsoft Windows 10/Server 2016/Server 1709 Kernel memory corruption
[113252] Microsoft Windows up to Server 2016 Kernel memory corruption
[113250] Microsoft Windows 10/Server 2016/Server 1709 Kernel memory corruption
[113249] Microsoft Windows up to Server 2016 Kernel memory corruption
[113248] Microsoft Windows up to Server 2016 Kernel information disclosure
[113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
[113242] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
[113241] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
[113240] Microsoft Windows 10/Server 2016/Server 1709 AppContainer privilege escalation
[113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
[113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[113233] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 Uninitialized Memory information disclosure
[113232] Microsoft Excel 2016 memory corruption
[113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
[113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
[111580] Microsoft Office 2016 on Mac Email Attachment spoofing
[111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
[111567] Microsoft Office 2010/2013/2016 memory corruption
[111564] Microsoft Word 2016 memory corruption
[111562] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
[111561] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
[128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
[111358] Microsoft Windows up to Server 2016 IPsec denial of service
[110553] Microsoft Office 2016 C2R information disclosure
[110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
[110551] Microsoft Excel 2016 C2R memory corruption
[110550] Microsoft PowerPoint 2013 SP1/2013 RT SP1/2016 information disclosure
[110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
[110547] Microsoft Windows up to Server 2016 its:// Protocol information disclosure
[110531] Microsoft Windows 10/Server 2016 Device Guard privilege escalation
[110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
[110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
[109389] Microsoft Excel 2016 Click-to-Run memory corruption
[109360] Microsoft Windows up to Server 2016 Windows Search denial of service
[107759] Microsoft Windows up to Server 2016 SMB denial of service
[107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[107753] Microsoft Windows 10/Server 2016 SMB privilege escalation
[107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
[107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
[107740] Microsoft Windows up to Server 2016 Graphics memory corruption
[107739] Microsoft Windows up to Server 2016 Graphics memory corruption
[107738] Microsoft Windows up to Server 2016 Search information disclosure
[107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
[107732] Microsoft Outlook 2010 SP2/2013 SP1/2013 RT SP1/2016 Bypass privilege escalation
[107730] Microsoft Windows up to Server 2016 Search Remote memory corruption
[107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
[107724] Microsoft Windows up to Server 2016 Text Services Framework memory corruption
[107723] Microsoft Windows up to Server 2016 SMB information disclosure
[107698] Microsoft Office 2016 memory corruption
[107593] InFocus Mondopad 2.2.08 Excel Spreadsheet Microsoft Office Document Credentials information disclosure
[106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
[106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
[106529] Microsoft PowerPoint 2016 memory corruption
[106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
[106518] Microsoft Edge on Win10/Server 2016 memory corruption
[106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
[106498] Microsoft Windows up to Server 2016 Shell privilege escalation
[106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
[106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
[106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
[106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow memory corruption
[106474] Microsoft Office 2016 memory corruption
[106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
[106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne spoofing
[106470] Microsoft Excel 2011 on Mac memory corruption
[106455] Microsoft Exchange Server 2013/2016 information disclosure
[106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition memory corruption
[105048] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
[105047] Microsoft Edge on Win10/Server 2016 Scripting Engine EntryCall memory corruption
[105046] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
[105040] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
[105038] Microsoft Edge on Win10/Server 2016 Javascript Engine Out-of-Bounds memory corruption
[105037] Microsoft Edge on Win10/Server 2016 Javascript Engine PreVisitCatch memory corruption
[105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
[105033] Microsoft Edge 38.14393.1066.0 on Win10/Server 2016 Use-After-Free information disclosure
[105029] Microsoft Edge on Win10/Server 2016 Javascript Engine ProcessLinkFailedAsmJsModule memory corruption
[105027] Microsoft Edge on Win10/Server 2016 _SelectValueInternal information disclosure
[105024] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
[105023] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
[105017] Microsoft Windows up to Server 2016 Error Reporting information disclosure
[105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V denial of service
[105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
[105010] Microsoft Windows up to Server 2016 Win32k memory corruption
[105009] Microsoft Windows up to Server 2016 Input Method Editor memory corruption
[105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
[104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
[104989] Microsoft Windows up to Server 2016 NetBIOS denial of service
[104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
[104583] Microsoft Outlook up to 2016 C2R Email memory corruption
[104582] Microsoft Outlook up to 2016 C2R Object memory corruption
[103468] Microsoft Exchange Server 2010 SP3/2013 SP3/2013 CU16/2016 CU5 Open Redirect
[103446] Microsoft Windows up to Server 2016 Search Object privilege escalation
[103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
[103444] Microsoft Windows up to Server 2016 Explorer denial of service
[103442] Microsoft Windows 10/Server 2016 HoloLens WiFi Packet privilege escalation
[103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
[103431] Microsoft Windows up to Server 2016 PowerShell PSObject Object privilege escalation
[103429] Microsoft Windows up to Server 2016 Kerberos weak authentication
[103426] Microsoft Exchange Server 2010 SP3/2013 SP3/2013 CU16/2016 CU5 OWA Request cross site scripting
[103425] Microsoft Exchange Server 2010 SP3/2013 SP3/2013 CU16/2016 CU5 OWA Request cross site scripting
[103420] Microsoft Windows up to Server 2016 Kerberos Bypass privilege escalation
[103417] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
[102544] Microsoft Edge on Win10/Server 2016 Fetch API information disclosure
[102543] Microsoft Edge on Win10/Server 2016 Javascript XML DOM Object information disclosure
[102463] Microsoft Project Server 2013 SP1 cross site scripting
[102460] Microsoft Outlook 2016 on Mac HTML spoofing
[102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
[102446] Microsoft Office up to 2016 privilege escalation
[102445] Microsoft Office 2010 SP2/2011/2013 SP1/2013 RT SP1/2016 privilege escalation
[102443] Microsoft Office up to 2016 privilege escalation
[102412] Microsoft Windows up to Server 2016 PDF information disclosure
[102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
[102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
[102386] Microsoft Windows up to Server 2012 R2 Uniscribe privilege escalation
[102385] Microsoft Windows up to Server 2016 Font Library privilege escalation
[102376] Microsoft Windows up to Server 2016 CAB File privilege escalation
[102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
[102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
[102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords memory corruption
[101817] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
[101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
[101815] Microsoft Windows up to Server 2016 Malware Protection Engine Use-After-Free memory corruption
[101814] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
[101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
[101812] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
[101811] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
[101810] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
[101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
[101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
[101019] Microsoft Skype for Business 2016 memory corruption
[101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 memory corruption
[101016] Microsoft PowerPoint 2011 on Mac memory corruption
[101015] Microsoft PowerPoint 2011 on Mac memory corruption
[101014] Microsoft Office 2010 SP2/2016 memory corruption
[101013] Microsoft Office 2010 SP2/2016 memory corruption
[101002] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
[101001] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
[101000] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
[100999] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
[100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
[99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
[99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory Lockout privilege escalation
[99682] Microsoft Outlook 2011 on Mac HTML Tag Validator spoofing
[99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
[99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive denial of service
[98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
[98096] Microsoft Exchange 2013 SP1 privilege escalation
[98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
13261| [98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
13262| [98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
13263| [98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
13264| [98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
13265| [98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
13266| [98089] Microsoft Office Web Apps 2013 SP1 memory corruption
13267| [98082] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 denial of service
13268| [98081] Microsoft Excel up to 2016 information disclosure
13269| [98080] Microsoft Excel 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
13270| [98079] Microsoft Word 2016 memory corruption
13271| [98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component privilege escalation
13272| [98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
13273| [98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
13274| [98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component information disclosure
13275| [98069] Microsoft Windows up to Server 2012 R2 Color Management memory corruption
13276| [98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
13277| [98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 NULL Pointer Dereference memory corruption
13278| [98017] Microsoft Windows up to Server 2016 PDF memory corruption
13279| [98015] Microsoft Windows 10/Server 2016 Hyper-V denial of service
13280| [98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
13281| [98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch denial of service
13282| [98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
13283| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
13284| [95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
13285| [95125] Microsoft Word/SharePoint Enterprise Server 2016 Document privilege escalation
13286| [94451] Microsoft Office 2011 memory corruption
13287| [94447] Microsoft Office 2010 SP2 memory corruption
13288| [94446] Microsoft Office 2016 memory corruption
13289| [94444] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 OLE DLL Loader memory corruption
13290| [94443] Microsoft Office up to 2016 information disclosure
13291| [94442] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 privilege escalation
13292| [93964] Microsoft Windows 7 Excel Starter 2010 XXE information disclosure
13293| [93543] Microsoft SQL Server 2016 FILESTREAM Path privilege escalation
13294| [93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
13295| [93416] Microsoft SQL Server up to 2012 SP3/2014 SP2/2016 Server Agent atxcore.dll privilege escalation
13296| [93415] Microsoft SQL Server 2016 MDS API cross site scripting
13297| [93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
13298| [93413] Microsoft SQL Server up to 2014 SP2/2016 RDBMS Engine privilege escalation
13299| [93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
13300| [93393] Microsoft Office up to 2016 memory corruption
13301| [93392] Microsoft Office up to 2016 memory corruption
13302| [93391] Microsoft Office up to 2016 memory corruption
13303| [93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
13304| [93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
13305| [92587] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
13306| [92584] Microsoft Office up to 2016 memory corruption
13307| [91571] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF Library information disclosure
13308| [91570] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF Library information disclosure
13309| [91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
13310| [91555] Microsoft Exchange 2013/2016 Link spoofing
13311| [91550] Microsoft Office 2016 memory corruption
13312| [91547] Microsoft Office 2010 memory corruption
13313| [91543] Microsoft Office up to 2016 memory corruption
13314| [91541] Microsoft Office 2013/2016 APP-V ASLR privilege escalation
13315| [90711] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF privilege escalation
13316| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
13317| [90704] Microsoft Office 2013/2013 RT/2016 memory corruption
13318| [89043] Microsoft Office up to 2016 memory corruption
13319| [89041] Microsoft Office up to 2016 memory corruption
13320| [89040] Microsoft Office 2010 SP2/2011/2013 SP1/2013 RT SP1/2016 memory corruption
13321| [89038] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 Security Feature privilege escalation
13322| [89037] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1/2016 memory corruption
13323| [87961] Microsoft Windows up to Server 2012 R2 Search denial of service
13324| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
13325| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
13326| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
13327| [87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
13328| [87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
13329| [87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server Use-After-Free memory corruption
13330| [87936] Microsoft Office up to 2016 memory corruption
13331| [87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
13332| [87156] Microsoft Windows 8.1/RT 8.1/10/Server 2012 R2 Shell memory corruption
13333| [87149] Microsoft Office up to 2016 memory corruption
13334| [87148] Microsoft Office 2010 Graphics memory corruption
13335| [87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
13336| [82229] Microsoft Excel 2010 SP2 Office Document memory corruption
13337| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
13338| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
13339| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
13340| [81274] Microsoft Office up to 2016 memory corruption
13341| [81270] Microsoft Windows 8.1/RT 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
13342| [81269] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
13343| [81268] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
13344| [80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
13345| [80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP memory corruption
13346| [80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service denial of service
13347| [80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
13348| [80870] Microsoft Office up to 2016 memory corruption
13349| [80868] Microsoft Office up to 2016 memory corruption
13350| [80867] Microsoft Office up to 2016 memory corruption
13351| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
13352| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
13353| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
13354| [80231] Microsoft Excel up to 2016 Office Document memory corruption
13355| [80229] Microsoft Exchange Server 2013 SP1/2013 CU 10/2013 CU 11/2016 Outlook Web Access cross site scripting
13356| [80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
13357| [80227] Microsoft Exchange Server 2013 SP1/2013 CU 10/2016 Outlook Web Access cross site scripting
13358| [80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
13359| [80218] Microsoft Office up to 2016 ASLR privilege escalation
13360| [80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
13361| [80216] Microsoft Office up to 2016 Office Document memory corruption
13362| [80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
13363| [128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
13364| [79508] Microsoft Windows up to Server 2012 R2 Library Loader memory corruption
13365| [79500] Microsoft Office 2010/2011/2016 memory corruption
13366| [79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
13367| [79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
13368| [79117] Microsoft Outlook 2011/2016 on Mac HTML spoofing
13369| [78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
13370| [77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
13371| [77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
13372| [77638] Microsoft Lync Server 2013 cross site scripting
13373| [77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
13374| [77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access Stack-Based information disclosure
13375| [77050] Microsoft Office up to 2016 memory corruption
13376| [77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
13377| [76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
13378| [76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service memory corruption
13379| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
13380| [75793] Microsoft Exchange Server 2013 CU8 cross site scripting
13381| [75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
13382| [75791] Microsoft Office 2013 SP1 Office Document Uninitialized Memory memory corruption
13383| [75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
13384| [75786] Microsoft Office 2010 SP2/2013 SP1/2013 RT SP1 Office Document memory corruption
13385| [66976] Microsoft Access 2010 VBA Datatype denial of service
13386| [74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
13387| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
13388| [74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
13389| [74835] Microsoft Office 2011 on Mac Use-After-Free cross site scripting
13390| [74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
13391| [74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
13392| [74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
13393| [73967] Microsoft Office up to 2013 SP1 Office File memory corruption
13394| [73966] Microsoft Office up to 2013 SP1 RTF File memory corruption
13395| [73965] Microsoft Office up to 2013 SP1 Use-After-Free memory corruption
13396| [73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
13397| [69162] Microsoft System Center Virtual Machine Manager 2012 privilege escalation
13398| [69160] Microsoft Windows up to Server 2012 Process privilege escalation
13399| [69156] Microsoft Office 2010 Object memory corruption
13400| [68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
13401| [68417] Microsoft Exchange 2013 Outlook Web Access Token spoofing
13402| [68191] Microsoft SharePoint 2010 cross site scripting
13403| [67828] Microsoft ASP.NET MVC 2/3/4/5/5.1 System.Web.Mvc.dll cross site scripting
13404| [67518] Microsoft Lync 2013 denial of service
13405| [67517] Microsoft Lync 2013 Script Reflected cross site scripting
13406| [67516] Microsoft Lync 2010/2013 denial of service
13407| [67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call privilege escalation
13408| [67360] Microsoft SharePoint 2013 App Permission Management cross site scripting
13409| [13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
13410| [13547] Microsoft Lync 2010/2013 Meeting cross site scripting
13411| [13228] Microsoft Office 2013 Document privilege escalation
13412| [68577] Microsoft ASP.NET 2014.3.1209 Telerik UI RadAsyncUpload directory traversal
13413| [12267] Microsoft Forefront Security for Exchange Server 2010 Mail memory corruption
13414| [12263] Microsoft Windows up to Server 2012 Direct2D 2D Geometric Figure memory corruption
13415| [12238] Microsoft Windows 8/Server 2012/RT IPv6 denial of service
13416| [12185] Microsoft .NET Framework 2/4 HMAC weak authentication
13417| [12183] Microsoft .NET Framework 2/4 DTD denial of service
13418| [11673] Microsoft Windows Live Movie Maker 2011 WAV File denial of service
13419| [11468] Microsoft Exchange 2010/2013 cross site scripting
13420| [11466] Microsoft Office 2013 File Response information disclosure
13421| [11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
13422| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
13423| [11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
13424| [10250] Microsoft SharePoint Server up to 2013 W3WP Process denial of service
13425| [10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow memory corruption
13426| [10248] Microsoft SharePoint Server up to 2013 cross site scripting
13427| [9943] Microsoft Windows Server 2012 NAT Driver ICMP Packet denial of service
13428| [8739] Microsoft Windows Essentials up to 2012 Windows Writer Eingabe information disclosure
13429| [8725] Microsoft Lync 2010/2013 Use-After-Free memory corruption
13430| [8722] Microsoft Windows 8/Server 2012/RT HTTP.sys denial of service
13431| [8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
13432| [8203] Microsoft Windows up to 2012 AD LDAP Query denial of service
13433| [8200] Microsoft SharePoint Server 2013 ACL information disclosure
13434| [7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser File information disclosure
13435| [7969] Microsoft OneNote 2010 SP1 ONE File information disclosure
13436| [7968] Microsoft SharePoint Server 2010 SP1 Input Validator Eingabe Crash denial of service
13437| [7967] Microsoft SharePoint Server 2010 SP1 User Account Eingabe Crash information disclosure
13438| [7966] Microsoft SharePoint Server 2010 SP1 Eingabe Crash cross site scripting
13439| [7965] Microsoft SharePoint Server 2010 SP1 User Account Callback URL privilege escalation
13440| [7964] Microsoft Visio 2010 Tree Object Type File memory corruption
13441| [7343] Microsoft Lync 2012 HTTP Format String
13442| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
13443| [7230] Microsoft Excel 2010 SP1 on 32-bit XLS File Formatting Information Crash denial of service
13444| [6831] Microsoft Office Picture Manager 2010 File memory corruption
13445| [62720] EMC NetWorker Module for Microsoft Applications up to 2.2.0 memory corruption
13446| [6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
13447| [62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
13448| [5946] Microsoft Visio/Visio Viewer up to 2010 SP1 File memory corruption
13449| [5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
13450| [5641] Microsoft SharePoint 2010 cross site scripting
13451| [60943] Microsoft Dynamics AX 2012 Enterprise Portal cross site scripting
13452| [12311] Microsoft Lync 2010 Search race condition
13453| [60570] Microsoft Forefront Unified Access Gateway 2010 information disclosure
13454| [60569] Microsoft Forefront Unified Access Gateway 2010 spoofing
13455| [60208] Microsoft Visio Viewer 2010 memory corruption
13456| [60207] Microsoft Visio Viewer 2010 memory corruption
13457| [60206] Microsoft Visio Viewer 2010 memory corruption
13458| [4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
13459| [4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
13460| [4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
13461| [59008] Microsoft Forefront Unified Access Gateway 2010 Crash denial of service
13462| [58995] Microsoft Forefront Unified Access Gateway 2010 memory corruption
13463| [58994] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
13464| [58993] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
13465| [4424] Microsoft Host Integration Server up to 2010 denial of service
13466| [4420] Microsoft Forefront Unified Access Gateway 2010 memory corruption
13467| [58487] Microsoft SharePoint Foundation 2010 cross site scripting
13468| [58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
13469| [58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
13470| [4414] Microsoft SharePoint 2010 cross site scripting
13471| [4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS Designfehler
13472| [91971] Microsoft Skype 2.2.x/5.2.x/5.3.x denial of service
13473| [57693] Microsoft Forefront Threat Management Gateway 2010 NSPLookupServiceNext memory corruption
13474| [4332] Microsoft PowerPoint 2010/2007 memory corruption
13475| [56028] Microsoft Data Access Components 2.8 memory corruption
13476| [55777] Microsoft Windows Movie Maker 2.6 memory corruption
13477| [55424] Microsoft Forefront Unified Access Gateway 2010 Signurl.asp cross site scripting
13478| [55415] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
13479| [55414] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
13480| [55413] Microsoft Forefront Unified Access Gateway 2010 spoofing
13481| [54341] Microsoft Windows Movie Maker 2.1 memory corruption
13482| [54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
13483| [4009] Microsoft NET Framework 2.x/3.x denial of service
13484| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
13485| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
13486| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
13487| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
13488| [2927] Microsoft Data Access Components 2.x ADODB.Connection ActiveX Control memory corruption
13489| [32692] Microsoft XML Core Services up to 2.6 memory corruption
13490| [32691] Microsoft XML Core Services up to 2.6 memory corruption
13491| [29608] Microsoft Data Access Components 2.7 memory corruption
13492|
13493| MITRE CVE - https://cve.mitre.org:
13494| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
13495| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
13496| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
13497| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
13498| [CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
13499| [CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
13500| [CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
13501| [CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
13502| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
13503| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
13504| [CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
13505| [CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
13506| [CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
13507| [CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
13508| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
13509| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
13510| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
13511| [CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
13512| [CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
13513| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
13514| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
13515| [CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
13516| [CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
13517| [CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
13518| [CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
13519| [CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
13520| [CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
13521| [CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
13522| [CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
13523| [CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
13524| [CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
13525| [CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
13526| [CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
13527| [CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
13528| [CVE-2013-1301] Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
13529| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
13530| [CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
13531| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
13532| [CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
13533| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
13534| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
13535| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
13536| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
13537| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
13538| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
13539| [CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
13540| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
13541| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
13542| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
13543| [CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13544| [CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13545| [CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13546| [CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13547| [CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13548| [CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13549| [CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13550| [CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13551| [CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13552| [CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13553| [CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13554| [CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13555| [CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13556| [CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13557| [CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13558| [CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13559| [CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13560| [CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13561| [CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13562| [CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13563| [CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13564| [CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13565| [CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13566| [CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13567| [CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13568| [CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13569| [CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13570| [CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13571| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13572| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
13573| [CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
13574| [CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
13575| [CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
13576| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
13577| [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
13578| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
13579| [CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
13580| [CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
13581| [CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
13582| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
13583| [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
13584| [CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
13585| [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
13586| [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
13587| [CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
13588| [CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
13589| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
13590| [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
13591| [CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
13592| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
13593| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
13594| [CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
13595| [CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
13596| [CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
13597| [CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1
13598| [CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
13599| [CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
13600| [CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
13601| [CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
13602| [CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
13603| [CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
13604| [CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
13605| [CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
13606| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
13607| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
13608| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
13609| [CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
13610| [CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
13611| [CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
13612| [CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
13613| [CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
13614| [CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
13615| [CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
13616| [CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
13617| [CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
13618| [CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
13619| [CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
13620| [CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
13621| [CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
13622| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
13623| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
13624| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
13625| [CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
13626| [CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
13627| [CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
13628| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
13629| [CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
13630| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
13631| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
13632| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
13633| [CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
13634| [CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
13635| [CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
13636| [CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
13637| [CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
13638| [CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
13639| [CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
13640| [CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
13641| [CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
13642| [CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
13643| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
13644| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
13645| [CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
13646| [CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
13647| [CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
13648| [CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
13649| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
13650| [CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
13651| [CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
13652| [CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
13653| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
13654| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
13655| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
13656| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
13657| [CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
13658| [CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
13659| [CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
13660| [CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
13661| [CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
13662| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
13663| [CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
13664| [CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
13665| [CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
13666| [CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
13667| [CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
13668| [CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
13669| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
13670| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
13671| [CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
13672| [CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
13673| [CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
13674| [CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
13675| [CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
13676| [CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
13677| [CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
13678| [CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
13679| [CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
13680| [CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
13681| [CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
13682| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
13683| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
13684| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
13685| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
13686| [CVE-2011-3413] Microsoft PowerPoint 2007 SP2
13687| [CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
13688| [CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
13689| [CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
13690| [CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
13691| [CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
13692| [CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
13693| [CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
13694| [CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
13695| [CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
13696| [CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
13697| [CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
13698| [CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
13699| [CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
13700| [CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
13701| [CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
13702| [CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
13703| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
13704| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
13705| [CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
13706| [CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
13707| [CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
13708| [CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
13709| [CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
13710| [CVE-2011-1990] Microsoft Excel 2007 SP2
13711| [CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
13712| [CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
13713| [CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
13714| [CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
13715| [CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
13716| [CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
13717| [CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
13718| [CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
13719| [CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
13720| [CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
13721| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
13722| [CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
13723| [CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
13724| [CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
13725| [CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
13726| [CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
13727| [CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
13728| [CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
13729| [CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
13730| [CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
13731| [CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
13732| [CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
13733| [CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
13734| [CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
13735| [CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
13736| [CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
13737| [CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
13738| [CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
13739| [CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
13740| [CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
13741| [CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
13742| [CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
13743| [CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
13744| [CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
13745| [CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
13746| [CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
13747| [CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
13748| [CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
13749| [CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
13750| [CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
13751| [CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
13752| [CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
13753| [CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
13754| [CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
13755| [CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
13756| [CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
13757| [CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
13758| [CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
13759| [CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
13760| [CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
13761| [CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
13762| [CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
13763| [CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
13764| [CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
13765| [CVE-2011-1275] Microsoft Excel 2002 SP3
13766| [CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
13767| [CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
13768| [CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
13769| [CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
13770| [CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
13771| [CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
13772| [CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
13773| [CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
13774| [CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
13775| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
13776| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
13777| [CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
| [CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
| [CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
| [CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
| [CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
| [CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
| [CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
| [CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
| [CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
| [CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
| [CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
| [CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
| [CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
| [CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
| [CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
| [CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, doubly-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
| [CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
| [CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
| [CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
| [CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
| [CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
| [CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
| [CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
| [CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
| [CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
| [CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
| [CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
| [CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
| [CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
| [CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
| [CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
| [CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
| [CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
| [CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
| [CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
| [CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
| [CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
| [CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
| [CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
| [CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
| [CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
| [CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
| [CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
| [CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
| [CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
| [CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
| [CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
| [CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
| [CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
| [CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
| [CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
| [CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
| [CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
| [CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
13871| [CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
13872| [CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
13873| [CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
13874| [CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
13875| [CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
13876| [CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
13877| [CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
13878| [CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
13879| [CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
13880| [CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
13881| [CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
13882| [CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
13883| [CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
13884| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
13885| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
13886| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
13887| [CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
13888| [CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
13889| [CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
13890| [CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
13891| [CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
13892| [CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
13893| [CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
13894| [CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
13895| [CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
13896| [CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
13897| [CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
13898| [CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
13899| [CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
13900| [CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
13901| [CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
13902| [CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
13903| [CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
13904| [CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
13905| [CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
13906| [CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
13907| [CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
13908| [CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
13909| [CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
13910| [CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
13911| [CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
13912| [CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
13913| [CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
13914| [CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
13915| [CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
13916| [CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
13917| [CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
13918| [CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
13919| [CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
13920| [CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
13921| [CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
13922| [CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
13923| [CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
13924| [CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
13925| [CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
13926| [CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
13927| [CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
13928| [CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
13929| [CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
13930| [CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
13931| [CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
13932| [CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
13933| [CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
13934| [CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
13935| [CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
13936| [CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
13937| [CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
13938| [CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
13939| [CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
13940| [CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
13941| [CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
13942| [CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
13943| [CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
13944| [CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
13945| [CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
13946| [CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
13947| [CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
13948| [CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
13949| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
13950| [CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
13951| [CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
13952| [CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
13953| [CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
13954| [CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
13955| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
13956| [CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
13957| [CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
13958| [CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
13959| [CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
13960| [CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
13961| [CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
13962| [CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
13963| [CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
13964| [CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
13965| [CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
13966| [CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
13967| [CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
13968| [CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
13969| [CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
13970| [CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
13971| [CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
13972| [CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
13973| [CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
13974| [CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
13975| [CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
13976| [CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
13977| [CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
13978| [CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
13979| [CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
13980| [CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
13981| [CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
13982| [CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
13983| [CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
13984| [CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
13985| [CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
13986| [CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
13987| [CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
13988| [CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
13989| [CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
13990| [CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
13991| [CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
13992| [CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
13993| [CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
13994| [CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
13995| [CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
13996| [CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
13997| [CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
13998| [CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
13999| [CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
14000| [CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
14001| [CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
14002| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
14003| [CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
14004| [CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
14005| [CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
14006| [CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
14007| [CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
14008| [CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
14009| [CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
14010| [CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
14011| [CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
14012| [CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
14013| [CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
14014| [CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
14015| [CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
14016| [CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
14017| [CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
14018| [CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
14019| [CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
14020| [CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
14021| [CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
14022| [CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
14023| [CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
14024| [CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
14025| [CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
14026| [CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
14027| [CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
14028| [CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
14029| [CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
14030| [CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
14031| [CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
14032| [CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
14033| [CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
14034| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
14035| [CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
14036| [CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
14037| [CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
14038| [CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
14039| [CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
14040| [CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
14041| [CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
14042| [CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
14043| [CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
14044| [CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
14045| [CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
14046| [CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
| [CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
| [CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
| [CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
| [CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
| [CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
| [CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
| [CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
| [CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
| [CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
| [CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
| [CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
| [CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
| [CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
| [CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
| [CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
| [CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
| [CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
| [CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
| [CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
| [CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
| [CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
| [CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
| [CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
| [CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
| [CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
| [CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
| [CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
| [CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
| [CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
| [CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
| [CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
| [CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
| [CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
| [CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
| [CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
| [CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
| [CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
| [CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
| [CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
| [CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
| [CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
| [CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
| [CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
| [CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
| [CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
| [CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
| [CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
| [CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
| [CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
| [CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
| [CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
| [CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
| [CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3
| [CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
| [CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
| [CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
| [CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
| [CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
| [CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1
| [CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
| [CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
| [CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
| [CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
| [CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
| [CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
| [CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
| [CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
| [CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
| [CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
| [CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
| [CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
| [CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
| [CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
| [CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
| [CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
| [CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
| [CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
| [CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
| [CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
14142| [CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
14143| [CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
14144| [CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
14145| [CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
14146| [CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2
14147| [CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
14148| [CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
14149| [CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
14150| [CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
14151| [CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
14152| [CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
14153| [CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
14154| [CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
14155| [CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
14156| [CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
14157| [CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
14158| [CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
14159| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
14160| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
14161| [CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1
14162| [CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
14163| [CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
14164| [CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2
14165| [CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
14166| [CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
14167| [CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
14168| [CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
14169| [CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
14170| [CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
14171| [CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
14172| [CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
14173| [CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
14174| [CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
14175| [CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
14176| [CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
14177| [CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
14178| [CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
14179| [CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
14180| [CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
14181| [CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
14182| [CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
14183| [CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
14184| [CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
14185| [CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
14186| [CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
14187| [CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
14188| [CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
14189| [CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
14190| [CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
14191| [CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
14192| [CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
14193| [CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
14194| [CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
14195| [CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
14196| [CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
14197| [CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
14198| [CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
14199| [CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
14200| [CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
14201| [CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
14202| [CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
14203| [CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
14204| [CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
14205| [CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
14206| [CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
14207| [CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
14208| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
14209| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
14210| [CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
14211| [CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
14212| [CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
14213| [CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
14214| [CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
14215| [CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
14216| [CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
14217| [CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
14218| [CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
14219| [CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
14220| [CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
14221| [CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
| [CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
| [CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
| [CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
| [CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
| [CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
| [CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
| [CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
| [CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
| [CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
| [CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
| [CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
| [CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
| [CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
| [CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
| [CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3
| [CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
| [CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
| [CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
| [CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
| [CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
| [CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
| [CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
| [CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
| [CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
| [CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."
| [CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
| [CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
| [CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
| [CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
| [CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
| [CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
| [CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
| [CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
| [CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
| [CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
| [CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
| [CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
| [CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
| [CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
| [CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
| [CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
| [CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
| [CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
| [CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
| [CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
| [CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
| [CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
| [CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
| [CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
| [CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
| [CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
| [CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
| [CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
| [CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
| [CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
| [CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
| [CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
| [CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
| [CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
| [CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
| [CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
| [CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
| [CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
| [CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
| [CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
| [CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
| [CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
| [CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
| [CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
| [CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
| [CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
| [CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
| [CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
| [CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
| [CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
| [CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
| [CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
| [CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
| [CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
| [CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
| [CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
| [CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
| [CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
| [CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
| [CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
| [CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
| [CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
14332| [CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
14333| [CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
14334| [CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
14335| [CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
14336| [CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
14337| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
14338| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
14339| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
14340| [CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
14341| [CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
14342| [CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
14343| [CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
14344| [CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
14345| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
14346| [CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
14347| [CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
14348| [CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
14349| [CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
14350| [CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
14351| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
14352| [CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
14353| [CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
14354| [CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
14355| [CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
14356| [CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
14357| [CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
14358| [CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
14359| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
14360| [CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
14361| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
14362| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
14363| [CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
14364| [CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
14365| [CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
14366| [CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
14367| [CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
14368| [CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
14369| [CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
14370| [CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
14371| [CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
14372| [CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
14373| [CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
14374| [CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
14375| [CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
14376| [CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
14377| [CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
14378| [CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
14379| [CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
14380| [CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
14381| [CVE-2007-2966] Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
14382| [CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
14383| [CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
14384| [CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
14385| [CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
14386| [CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
14387| [CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
14388| [CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
14389| [CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
14390| [CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
14391| [CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
14392| [CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
14393| [CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
14394| [CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
14395| [CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
14396| [CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
14397| [CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
14398| [CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
14399| [CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
14400| [CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
14401| [CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
14402| [CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
14403| [CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
14404| [CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
14405| [CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
14406| [CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
14407| [CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
14408| [CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
14409| [CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
14410| [CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
14411| [CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
14412| [CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
14413| [CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
14414| [CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
14415| [CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
14416| [CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
14417| [CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
14418| [CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
14419| [CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
14420| [CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
14421| [CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
14422| [CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
14423| [CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
14424| [CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
14425| [CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
14426| [CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
14427| [CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
14428| [CVE-2007-0913] Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
14429| [CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
14430| [CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
14431| [CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
14432| [CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
14433| [CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
14434| [CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
14435| [CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
14436| [CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
14437| [CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
14438| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
14439| [CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
14440| [CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
14441| [CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
14442| [CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
14443| [CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
14444| [CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
14445| [CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
14446| [CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
14447| [CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
14448| [CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
14449| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
14450| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
14451| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
14452| [CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
14453| [CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
14454| [CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
14455| [CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
14456| [CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
14457| [CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
14458| [CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
14459| [CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
14460| [CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
14461| [CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
14462| [CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
14463| [CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
14464| [CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
14465| [CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
14466| [CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
14467| [CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
14468| [CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
14469| [CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
14470| [CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
14471| [CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
14472| [CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
14473| [CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
14474| [CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
14475| [CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
14476| [CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
14477| [CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
14478| [CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
14479| [CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
14480| [CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
14481| [CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
14482| [CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
14483| [CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
14484| [CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
14485| [CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
14486| [CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
14487| [CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
14488| [CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
14489| [CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
14490| [CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
14491| [CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
14492| [CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
14493| [CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
14494| [CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
14495| [CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
14496| [CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
14497| [CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
14498| [CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
14499| [CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
14500| [CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
14501| [CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
14502| [CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
14503| [CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
14504| [CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
14505| [CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
14506| [CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
14507| [CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
14508| [CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
14509| [CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
14510| [CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
14511| [CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
14512| [CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
14513| [CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
14514| [CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
14515| [CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
| [CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
| [CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
| [CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
| [CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
| [CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
| [CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
| [CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
| [CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
| [CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
| [CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
| [CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
| [CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
| [CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
| [CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
| [CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
| [CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
| [CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
| [CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
| [CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
| [CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
| [CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
| [CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
| [CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
| [CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
| [CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
| [CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
| [CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
| [CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
| [CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
| [CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
| [CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
| [CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
| [CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
| [CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
| [CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
| [CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
| [CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
| [CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
| [CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
| [CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
| [CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
| [CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
| [CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
| [CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
| [CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
| [CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
| [CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
| [CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
| [CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
| [CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
| [CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
| [CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
| [CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
| [CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
| [CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
| [CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
| [CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
| [CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
| [CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
| [CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
| [CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
| [CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
| [CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
| [CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
| [CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
| [CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
| [CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
| [CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
| [CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
| [CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
| [CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
| [CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
| [CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
| [CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
| [CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
| [CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
| [CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
| [CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
| [CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
| [CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
| [CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
| [CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
| [CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
| [CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
| [CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
| [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
| [CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
| [CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
| [CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
| [CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
| [CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
| [CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
| [CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
| [CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
| [CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
| [CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
| [CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
| [CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
| [CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
| [CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
| [CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
| [CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
| [CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
| [CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
| [CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
14625| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
14626| [CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
14627| [CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
| [CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
| [CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
| [CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
| [CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
| [CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
| [CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
| [CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
| [CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
| [CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
| [CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
| [CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
| [CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
| [CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
| [CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
| [CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
| [CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
| [CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
| [CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
| [CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
| [CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
| [CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
| [CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
| [CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
| [CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
| [CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
| [CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
| [CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
| [CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
| [CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
| [CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
| [CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
| [CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
| [CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
| [CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
| [CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
| [CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
| [CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
| [CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
| [CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
| [CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
| [CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
| [CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
| [CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
| [CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
| [CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
| [CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
| [CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
| [CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
| [CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
| [CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
| [CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
| [CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
| [CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
| [CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
| [CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
| [CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
| [CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
| [CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
| [CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
| [CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
| [CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
| [CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
| [CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
| [CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
| [CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
| [CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
| [CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
| [CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
| [CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
| [CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
| [CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.
| [CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
| [CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
| [CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
| [CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
| [CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
| [CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
| [CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
| [CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
| [CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
| [CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
| [CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
| [CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
| [CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
| [CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
| [CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
| [CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
| [CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
| [CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
| [CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
| [CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
| [CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
| [CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
| [CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
| [CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
| [CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
| [CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
| [CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
| [CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
| [CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
| [CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
| [CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
| [CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
| [CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
| [CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
| [CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
14739| [CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
14740| [CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
14741| [CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
14742| [CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
14743| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
14744| [CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
14745| [CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
14746| [CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.
14747| [CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
14748| [CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
14749| [CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
14750| [CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
14751| [CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
14752| [CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
14753| [CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
14754| [CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
14755| [CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
14756| [CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
14757| [CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
14758| [CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
14759| [CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
14760| [CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
14761| [CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
14762| [CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
14763| [CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
14764| [CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
14765| [CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
14766| [CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
14767| [CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
14768| [CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
14769| [CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
14770| [CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
14771| [CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
14772| [CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
14773| [CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
14774| [CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
14775| [CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
14776| [CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
14777| [CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
14778| [CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
14779| [CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
14780| [CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
14781| [CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
14782| [CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
14783| [CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
14784| [CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
14785| [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
14786| [CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
14787| [CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
14788| [CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
14789| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
14790| [CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
14791| [CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
14792| [CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
14793| [CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
14794| [CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
14795| [CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
14796| [CVE-2001-1533] ** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
14797| [CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
14798| [CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
14799| [CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
14800| [CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
14801| [CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
14802| [CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
14803| [CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
14804| [CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
14805| [CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
14806| [CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
14807| [CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
14808| [CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
14809| [CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
14810| [CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
14811| [CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activites such as mail relaying.
14812| [CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
14813| [CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
14814| [CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
14815| [CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
14816| [CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
14817| [CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
14818| [CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
14819| [CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
14820| [CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
14821| [CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
14822| [CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
14823| [CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
14824| [CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
14825| [CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
14826| [CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
14827| [CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
14828| [CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
14829| [CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
14830| [CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
14831| [CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
14832| [CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
14833| [CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
14834| [CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
14835| [CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
14836| [CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
14837| [CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
14838| [CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
14839| [CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
14840| [CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
14841| [CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
14842| [CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
14843| [CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
14844| [CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
14845| [CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
14846| [CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
14847| [CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
14848| [CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
14849| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
14850| [CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
14851| [CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
14852| [CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
14853| [CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
14854| [CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
14855| [CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
14856| [CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
14857| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
14858| [CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
14859| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
14860| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
14861| [CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
14862| [CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
14863| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
14864| [CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
14865| [CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
14866| [CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
14867| [CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
14868| [CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
14869| [CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
14870| [CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
14871| [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
14872| [CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
14873| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
14874| [CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
14875| [CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
14876| [CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
14877| [CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
14878| [CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
14879| [CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
14880| [CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
14881| [CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
14882| [CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
14883| [CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
14884| [CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
14885| [CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
14886| [CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
14887| [CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
14888| [CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
14889| [CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
14890| [CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
14891| [CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
14892| [CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
14893| [CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
14894| [CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
14895| [CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
14896| [CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
14897| [CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
14898| [CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
14899| [CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
14900| [CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
14901| [CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
14902| [CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
14903| [CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
14904| [CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
14905| [CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
14906| [CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
14907| [CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
14908| [CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
14909| [CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
14910| [CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
14911| [CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
14912| [CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
14913| [CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
14914| [CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
14915| [CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
14916| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
14917| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
14918| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
14919| [CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
14920| [CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
14921| [CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
14922| [CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
14923| [CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
14924| [CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
14925| [CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
14926| [CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
14927| [CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
14928| [CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
14929| [CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
14930| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
14931| [CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
14932| [CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
14933| [CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
14934| [CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
14935| [CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
14936| [CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
14937| [CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
14938| [CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
14939| [CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
14940| [CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
14941| [CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
14942| [CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
14943| [CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
14944| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
14945| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
14946| [CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
14947| [CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
14948| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
14949| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
14950| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
14951| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
14952| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
14953| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
14954| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
14955| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
14956| [CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
14957| [CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
14958| [CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
14959| [CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
14960| [CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
14961| [CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
14962| [CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
14963| [CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
14964| [CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
14965| [CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
14966| [CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchange, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
14967| [CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
14968| [CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash or hyphen) characters.
14969| [CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
14970| [CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
14971| [CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
14972| [CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
14973| [CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
14974| [CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
14975| [CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
14976| [CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
14977| [CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
14978| [CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
14979| [CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
14980| [CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
14981| [CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
14982| [CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
14983| [CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
14984|
14985| SecurityFocus - https://www.securityfocus.com/bid/:
14986| [83154] Microsoft Windows 2000 Server CVE-2004-0540 Remote Security Vulnerability
14987| [45297] Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
14988| [43419] Microsoft Excel 2002 Memory Corruption Vulnerability
14989| [43189] Microsoft Visual C++ 2008 Redistributable Package DLL Loading Arbitrary Code Execution Vulnerability
14990| [42742] Microsoft PowerPoint 2007 Multiple DLL Loading Arbitrary Code Execution Vulnerability
14991| [42695] Microsoft Groove 2007 'mso.dll' DLL Loading Arbitrary Code Execution Vulnerability
14992| [42681] Microsoft Visio 2003 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
14993| [41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
14994| [39776] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
14995| [37196] RETIRED: Microsoft December 2009 Advance Notification Multiple Vulnerabilities
14996| [36940] RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
14997| [36633] RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
14998| [36239] RETIRED: Microsoft September 2009 Advance Notification Multiple Vulnerabilities
14999| [35974] RETIRED: Microsoft August 2009 Advance Notification Multiple Vulnerabilities
15000| [35617] RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
15001| [35213] RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
15002| [34867] RETIRED: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
15003| [34532] Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
15004| [34469] Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
15005| [34450] RETIRED: Microsoft April 2009 Advance Notification Multiple Vulnerabilities
15006| [34005] RETIRED: Microsoft March 2009 Advance Notification Multiple Vulnerabilities
15007| [33639] RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
15008| [33170] RETIRED: Microsoft January 2009 Advance Notification Multiple Vulnerabilities
15009| [32632] RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
15010| [32153] Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
15011| [31667] Retired: Microsoft October 2008 Advance Notification Multiple Vulnerabilities
15012| [31129] RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
15013| [31014] RETIRED: Microsoft September 2008 Advance Notification Multiple Vulnerabilities
15014| [30593] RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
15015| [30075] RETIRED: Microsoft July 2008 Advance Notification Multiple Vulnerabilities
15016| [29576] RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
15017| [29108] RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
15018| [28598] RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
15019| [28124] Retired: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
15020| [27674] RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
15021| [27119] RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
15022| [26739] RETIRED: Microsoft December 2007 Advance Notification Multiple Vulnerabilities
15023| [26414] Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
15024| [26380] Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
15025| [25991] RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
15026| [25922] RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
15027| [25573] RETIRED: Microsoft September 2007 Advance Notification Multiple Vulnerabilities
15028| [25247] Retired: Microsoft August 2007 Advance Notification Multiple Vulnerabilities
15029| [24771] Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
15030| [24366] RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
15031| [24118] Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
15032| [23800] RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
15033| [23380] Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
15034| [23335] RETIRED: Microsoft April 2007 Advance Notification Multiple Vulnerabilities
15035| [22716] Microsoft Office 2003 Denial of Service Vulnerability
15036| [22567] Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
15037| [22328] RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
15038| [22225] Microsoft Word 2000 Malformed Function Code Execution Vulnerability
15039| [21611] Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
15040| [21495] Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
15041| [20843] Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
15042| [19636] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
15043| [19388] Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
15044| [17134] Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
15045| [16634] Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
15046| [14772] Microsoft Exchange Server 2003 Exchange Information Store Denial Of Service Vulnerability
15047| [14093] Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
15048| [13564] Microsoft SQL Server 2000 Multiple Vulnerabilities
15049| [13008] Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability
15050| [12972] Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed
15051| [12913] Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
15052| [12824] Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
15053| [12641] Microsoft Windows 2000 Group Policy Bypass Vulnerability
15054| [12141] Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
15055| [11820] Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
15056| [11446] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
15057| [11387] Microsoft Windows 2003 Services Default SACL Access Right Weakness
15058| [10901] Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability
15059| [10693] Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
15060| [10484] Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability
15061| [10480] Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability
15062| [10440] Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness
15063| [10369] Microsoft Outlook 2003 Media File Script Execution Vulnerability
15064| [10307] Microsoft Outlook 2003 Predictable File Location Weakness
15065| [10114] Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
15066| [9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
15067| [9408] Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
15068| [9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
15069| [8833] Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
15070| [8522] Multiple Microsoft Windows 2003 Stack Protection Implementation Weaknesses
15071| [8397] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
15072| [8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
15073| [8098] Microsoft Windows 2000 Terminal Services Named Pipe System Account Access Vulnerability
15074| [8093] Microsoft Windows 2000 Active Directory Forest Origin Validation Vulnerability
15075| [8090] Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability
15076| [8089] Microsoft Windows 2000 Unspecified Cryptnet.DLL Memory Leakage Vulnerability
15077| [8086] Microsoft Windows 2000 Port Name Buffers Potential Buffer Overflow Vulnerability
15078| [8085] Microsoft Windows 2000 ModifyDN Request Denial of Service Vulnerability
15079| [8083] Microsoft Windows 2000 Domain Controller Spoofing Vulnerability
15080| [8081] Microsoft Windows 2000 USBH_IoctlGetNodeConnectionDriverKeyName Information Disclosure Vulnerability
15081| [8063] Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
15082| [8045] Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
15083| [7930] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
15084| [7788] Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability
15085| [7469] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
15086| [7360] Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
15087| [7102] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
15088| [6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
15089| [6766] Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
15090| [6667] Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability
15091| [6319] Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability
15092| [6030] Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
15093| [5972] Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
15094| [5922] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
15095| [5480] Microsoft Windows 2000 Network Connection Manager Privilege Elevation Vulnerability
15096| [5422] Microsoft Content Management Server 2001 SQL Injection Vulnerability
15097| [5421] Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
15098| [5420] Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
15099| [5415] Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
15100| [5413] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
15101| [5412] Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
15102| [5312] Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
15103| [5311] Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
15104| [5310] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
15105| [5309] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
15106| [5307] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
15107| [5253] Microsoft Windows 2000 Narrator Password Disclosure Vulnerability
15108| [5205] Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
15109| [5111] Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability
15110| [5014] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
15111| [4881] Microsoft Exchange 2000 Malformed Mail Attribute DoS Vulnerability
15112| [4853] Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability
15113| [4852] Microsoft Windows 2000 Remote Access Service Buffer Overflow Vulnerability
15114| [4847] Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
15115| [4797] Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
15116| [4683] Microsoft Windows 2000 / NT Path Precedence Vulnerability
15117| [4532] Microsoft Windows 2000 Lanman Denial of Service Vulnerability
15118| [4438] Microsoft Windows 2000 Group Policy Evasion Vulnerability
15119| [4426] Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability
15120| [4287] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
15121| [4256] Microsoft Windows 2000 Password Policy Bypass Vulnerability
15122| [4157] Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability
15123| [4095] Microsoft Windows 2000 Server Terminal Services Failure To Lock Terminal Vulnerability
15124| [3652] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
15125| [3481] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
15126| [3479] Microsoft Windows 2000 NTFS With Macintosh Client Directory Permission Vulnerability
15127| [3445] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
15128| [3339] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
15129| [3305] Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability
15130| [3291] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
15131| [3215] Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability
15132| [3185] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
15133| [3184] Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability
15134| [3146] Microsoft Windows 2000 System File Replacement Vulnerability
15135| [3115] Microsoft Windows NT and 2000 Command Prompt Reboot Vulnerability
15136| [3063] Microsoft Windows 2000 Unauthorized Password Change Vulnerability
15137| [3033] Microsoft Windows 2000 Task Manager Process Termination Vulnerability
15138| [2988] Microsoft Windows 2000 SMTP Improper Authentication Vulnerability
15139| [2929] Microsoft Windows 2000 LDAP SSL Password Modification Vulnerability
15140| [2849] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
15141| [2846] Microsoft Windows 2000 Telnet System Call DoS Vulnerability
15142| [2844] Microsoft Windows 2000 Telnet Service DoS Vulnerability
15143| [2843] Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability
15144| [2838] Microsoft Windows 2000 Telnet Username DoS Vulnerability
15145| [2460] Microsoft Windows 2000 Event Viewer Buffer Overflow Vulnerability
15146| [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
15147| [2394] Microsoft Windows 2000 Domain Controller DoS Vulnerability
15148| [2341] Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
15149| [2326] Microsoft Windows 2000 RDP DoS Vulnerability
15150| [2133] Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability
15151| [2066] Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability
15152| [2018] Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
15153| [2007] Microsoft Windows 2000 DNS Memory Leak Vulnerability
15154| [1973] Microsoft Windows 2000 Domain Account Lockout Bypass Vulnerability
15155| [1958] Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
15156| [1933] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
15157| [1899] Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability
15158| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
15159| [1758] Microsoft Windows 2000 Unattended Install OEMPreinstall Vulnerability
15160| [1753] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
15161| [1748] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
15162| [1745] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
15163| [1729] Microsoft Windows 2000 Simplified Chinese IME Vulnerability
15164| [1695] Microsoft Proxy 2.0 FTP Permissions Bypass Vulnerability
15165| [1692] Microsoft Proxy 2.0 Internal Network Access Vulnerability
15166| [1683] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
15167| [1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
15168| [1651] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
15169| [1632] Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
15170| [1620] Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability
15171| [1613] Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
15172| [1566] Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability
15173| [1561] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow Vulnerability
15174| [1535] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
15175| [1507] Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability
15176| [1451] Microsoft Excel 97 / 2000 Register.ID Vulnerability
15177| [1435] Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability
15178| [1415] Microsoft Windows 2000 Remote CPU-overload Vulnerability
15179| [1414] Microsoft Windows 2000 Telnet Server DoS Vulnerability
15180| [1399] Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
15181| [1398] Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
15182| [1350] Microsoft Windows 2000 Windows Station Access Vulnerability
15183| [1304] Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
15184| [1301] Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
15185| [1295] Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
15186| [1198] Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability
15187| [1197] Microsoft Office 2000 UA Control Vulnerability
15188| [990] Microsoft Windows 2000 Install Unprotected ADMIN$ Share Vulnerability
15189| [945] Microsoft SMS 2.0 Default Permissions Vulnerability
15190| [539] Microsoft Windows 2000 EFS Vulnerability
15191| [180] Microsoft Windows April Fools 2001 Vulnerability
15192| [71487] Microsoft December 2014 Advance Notification Multiple Vulnerabilities
15193| [70966] RETIRED: Microsoft November 2014 Advance Notification Multiple Vulnerabilities
15194| [70367] RETIRED: Microsoft October 2014 Advance Notification Multiple Vulnerabilities
15195| [69636] RETIRED: Microsoft September 2014 Advance Notification Multiple Vulnerabilities
15196| [69108] Microsoft August 2014 Advance Notification Multiple Vulnerabilities
15197| [68367] Microsoft July 2014 Advance Notification Multiple Vulnerabilities
15198| [67905] Microsoft June 2014 Advance Notification Multiple Vulnerabilities
15199| [67298] Microsoft May 2014 Advance Notification Multiple Vulnerabilities
15200| [66639] RETIRED: Microsoft April 2014 Advance Notification Multiple Vulnerabilities
15201| [66016] Microsoft March 2014 Notification Multiple Vulnerabilities
15202| [65426] Microsoft February 2014 Notification Multiple Vulnerabilities
15203| [64757] RETIRED: Microsoft January 2014 Advance Notification Multiple Vulnerabilities
15204| [64083] RETIRED: Microsoft December 2013 Advance Notification Multiple Vulnerabilities
15205| [63604] RETIRED: Microsoft November 2013 Advance Notification Multiple Vulnerabilities
15206| [62797] RETIRED: Microsoft October 2013 Advance Notification Multiple Vulnerabilities
15207| [62228] RETIRED: Microsoft September 2013 Advance Notification Multiple Vulnerabilities
15208| [62181] Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability
15209| [61686] Microsoft August 2013 Advance Notification Multiple Vulnerabilities
15210| [60960] RETIRED: Microsoft July 2013 Advance Notification Multiple Vulnerabilities
15211| [60394] Microsoft June 2013 Advance Notification Multiple Vulnerabilities
15212| [59785] RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities
15213| [58881] RETIRED: Microsoft April 2013 Advance Notification Multiple Vulnerabilities
15214| [58380] RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities
15215| [57846] RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities
15216| [57137] RETIRED: Microsoft January 2013 Advance Notification Multiple Vulnerabilities
15217| [56838] RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities
15218| [56450] RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
15219| [56304] Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
15220| [55794] RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities
15221| [55472] RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities
15222| [54944] RETIRED: Microsoft August 2012 Advance Notification Multiple Vulnerabilities
15223| [54318] RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities
15224| [53862] RETIRED: Microsoft June 2012 Advance Notification Multiple Vulnerabilities
15225| [53372] RETIRED: Microsoft May 2012 Advance Notification Multiple Vulnerabilities
15226| [52910] RETIRED: Microsoft April 2012 Advance Notification Multiple Vulnerabilities
15227| [52366] RETIRED: Microsoft March 2012 Advance Notification Multiple Vulnerabilities
15228| [51944] RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities
15229| [51289] RETIRED: Microsoft January 2012 Advance Notification Multiple Vulnerabilities
15230| [50980] RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities
15231| [50513] RETIRED: Microsoft November 2011 Advance Notification Multiple Vulnerabilities
15232| [49994] RETIRED: Microsoft October 2011 Advance Notification Multiple Vulnerabilities
15233| [49515] RETIRED: Microsoft September 2011 Advance Notification Multiple Vulnerabilities
15234| [49017] RETIRED: Microsoft August 2011 Advance Notification Multiple Vulnerabilities
15235| [48616] RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities
15236| [48235] Microsoft Lync Server 2010 'ReachJoin.aspx' Remote Command Injection Vulnerability
15237| [48193] RETIRED: Microsoft June 2011 Advance Notification Multiple Vulnerabilities
15238| [47725] RETIRED: Microsoft May 2011 Advance Notification Multiple Vulnerabilities
15239| [47255] RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities
15240| [46675] RETIRED: Microsoft March 2011 Advance Notification Multiple Vulnerabilities
15241| [46132] RETIRED: Microsoft February 2011 Advance Notification Multiple Vulnerabilities
15242| [45696] RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities
15243| [45307] RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities
15244| [44649] RETIRED: Microsoft November 2010 Advance Notification Multiple Vulnerabilities
15245| [43831] RETIRED: Microsoft October 2010 Advance Notification Multiple Vulnerabilities
15246| [43115] RETIRED: Microsoft September 2010 Advance Notification Multiple Vulnerabilities
15247| [42234] RETIRED: Microsoft August 2010 Advance Notification Multiple Vulnerabilities
15248| [41474] RETIRED: Microsoft July 2010 Advance Notification Multiple Vulnerabilities
15249| [40548] RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities
15250| [39961] RETIRED: Microsoft May 2010 Advance Notification Multiple Vulnerabilities
15251| [39313] RETIRED: Microsoft April 2010 Advance Notification Multiple Vulnerabilities
15252| [38540] RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
15253| [38096] RETIRED: Microsoft February 2010 Advance Notification Multiple Vulnerabilities
15254| [37887] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
15255| [37664] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
15256| [32642] Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
15257|
15258| IBM X-Force - https://exchange.xforce.ibmcloud.com:
15259| [82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
15260| [82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
15261| [82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
15262| [81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
15263| [81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
15264| [81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
15265| [77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
15266| [75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
15267| [75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
15268| [75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
15269| [75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
15270| [75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
15271| [71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
15272| [71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
15273| [70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
15274| [70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
15275| [67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
15276| [67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
15277| [66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
15278| [66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
15279| [66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
15280| [66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
15281| [66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
15282| [66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
15283| [66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
15284| [66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
15285| [65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
15286| [65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
15287| [63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution
15288| [63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution
15289| [63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution
15290| [63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
15291| [63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
15292| [62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
15293| [62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
15294| [62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
15295| [53980] Microsoft Windows 2000 License Logging Server buffer overflow
15296| [53601] Microsoft Office 2008 for Mac user ID 502 security bypass
15297| [50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
15298| [50759] Microsoft Windows 2000 Active Directory LDAP code execution
15299| [48595] Microsoft Word 2007 Email as PDF information disclosure
15300| [46102] Microsoft Windows 2003 SP2 is not installed on the system
15301| [46101] Microsoft Windows 2003 SP1 is not installed on the system
15302| [45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow
15303| [37200] Microsoft SQL Server 2000 Service Pack 1 update is not installed
15304| [37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed
15305| [34634] Microsoft Windows Server 2003 Active Directory information disclosure
15306| [34599] Microsoft Windows Server 2003 terminal server security bypass
15307| [34473] Microsoft Office 2000 ActiveX control buffer overflow
15308| [33713] Microsoft Word 2007 multiple unspecified denial of service
15309| [33712] Microsoft Word 2007 wwlib.dll buffer overflow
15310| [32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed
15311| [31821] Microsoft Windows time zone update for year 2007
15312| [31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow
15313| [30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure
15314| [29546] Microsoft Windows 2000/2003 user logoff initiated
15315| [29545] Microsoft Windows 2000/2003 system time changed
15316| [29544] Microsoft Windows 2000/2003 system security access removed
15317| [29543] Microsoft Windows 2000/2003 security access granted
15318| [29542] Microsoft Windows 2000/2003 SAM notification package loaded
15319| [29541] Microsoft Windows 2000/2003 primary security token issued
15320| [29540] Microsoft Windows 2000/2003 user password reset successful
15321| [29539] Microsoft Windows 2000/2003 object indirectly accessed
15322| [29538] Microsoft Windows 2000/2003 object handle duplicated
15323| [29537] Microsoft Windows 2000/2003 logon with explicit credentials success
15324| [29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
15325| [29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
15326| [29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
15327| [29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
15328| [29532] Microsoft Windows 2000/2003 IKE security association established
15329| [29531] Microsoft Windows 2000/2003 IKE quick mode association ended
15330| [29530] Microsoft Windows 2000/2003 IKE main mode association ended
15331| [29529] Microsoft Windows 2000/2003 IKE association negotiation failed
15332| [29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
15333| [29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
15334| [29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
15335| [29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
15336| [29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
15337| [29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
15338| [29522] Microsoft Windows 2000/2003 administrative group security descriptor set
15339| [29521] Microsoft Windows 2000/2003 account name changed
15340| [29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service
15341| [28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
15342| [28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
15343| [26118] Microsoft Office 2003 mailto: information disclosure
15344| [25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass
15345| [24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
15346| [24473] Microsoft Windows 2000 event ID 565 not logged
15347| [24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
15348| [24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
15349| [24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
15350| [24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
15351| [24402] Microsoft Windows 2000 Terminal Service client IP not logged
15352| [24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
15353| [23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
15354| [22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed
15355| [22183] Microsoft Exchange Server 2003 public folder denial of service
15356| [21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
15357| [21315] Microsoft Outlook 2002 connector for Domino bypass restrictions
15358| [19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
15359| [19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
15360| [19727] Microsoft Windows 2000 GDI32.DLL denial of service
15361| [19629] Microsoft Exchange Server 2003 folder denial of service
15362| [17826] Microsoft Outlook 2003 CID security bypass
15363| [17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
15364| [17621] Microsoft Windows 2003 SMTP service code execution
15365| [17560] Microsoft Windows 2000 and XP GDI library denial of service
15366| [17521] Microsoft Windows 2000 Service Pack 4 is not installed
15367| [16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
15368| [16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
15369| [16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
15370| [16907] Microsoft Windows 2003 users with Create global objects privilege
15371| [16905] Microsoft Windows 2003 users or groups with Create global objects privilege
15372| [16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
15373| [16704] Microsoft Windows 2000 Media Player control code execution
15374| [16582] Microsoft Windows Server 2003 kernel CPU denial of service
15375| [16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
15376| [16570] Microsoft Windows 2003 Users with Create global objects privilege
15377| [16564] Microsoft Windows 2003 Groups with Create global objects privilege
15378| [16562] Microsoft Windows 2003 Groups with "
15379| [16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
15380| [16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
15381| [16520] Microsoft Windows 2003 Create global objects privilege
15382| [16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
15383| [16173] Microsoft Outlook 2003 OLE object bypass restricted security zone
15384| [16119] Microsoft Outlook 2000 URL spoofing
15385| [16104] Microsoft Outlook 2003 predictable file location could allow code execution
15386| [16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
15387| [15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
15388| [15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
15389| [15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
15390| [15414] Microsoft Outlook 2002 mailto URL allows execution of code
15391| [15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
15392| [15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
15393| [15038] Microsoft Windows 2000 Server Windows Media Services denial of service
15394| [15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
15395| [14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed
15396| [14167] Microsoft ISA Server 2000 H.323 filter buffer overflow
15397| [13426] Microsoft Windows 2000 and XP RPC race condition
15398| [13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
15399| [13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
15400| [13385] Microsoft Windows Server 2003 "
15401| [13211] Microsoft Windows 2000 and XP URG memory leak
15402| [13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
15403| [13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
15404| [12684] Microsoft Exchange Server OWA Outlook 2003 denial of service
15405| [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
15406| [12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
15407| [12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
15408| [12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
15409| [12489] Microsoft Windows 2000 Server Active Directory buffer overflow
15410| [12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
15411| [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
15412| [12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
15413| [11901] Microsoft BizTalk Server 2002 SQL injection
15414| [11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow
15415| [11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
15416| [11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
15417| [11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
15418| [11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
15419| [11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
15420| [11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
15421| [11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
15422| [11216] Microsoft Windows NT and 2000 command prompt denial of service
15423| [11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
15424| [11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails
15425| [10843] Microsoft Windows 2000 and XP SMB signing group policy modification
15426| [10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
15427| [10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
15428| [10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
15429| [10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
15430| [10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow
15431| [10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service
15432| [9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
15433| [9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
15434| [9779] Microsoft Windows 2000 weak system partition permissions
15435| [9752] Microsoft Windows 2000 Service Pack 3 is not installed
15436| [9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
15437| [9625] Microsoft Windows 2000 Narrator allows login information to be audible
15438| [9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank "
15439| [8867] Microsoft Windows 2000 LanMan denial of service
15440| [8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
15441| [8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
15442| [8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
15443| [8739] Microsoft Windows 2000 DCOM memory leak
15444| [8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail
15445| [8402] Microsoft Windows 2000 allows an attacker to bypass password policy
15446| [8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
15447| [8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges
15448| [8254] Microsoft Commerce Server 2000 AuthFilter ISAPI filter buffer overflow
15449| [8199] Microsoft Windows 2000 Terminal Services unlocked client
15450| [8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow
15451| [8092] Microsoft Exchange 2000 System Attendant sets incorrect registry permissions
15452| [8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden
15453| [8037] Microsoft Windows 2000 empty TCP packet denial of service
15454| [8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain
15455| [7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files
15456| [7667] Microsoft Windows 2000 IKE UDP packet flood denial of service
15457| [7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file
15458| [7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses
15459| [7533] Microsoft Windows 2000 RunAs service denial of service
15460| [7532] Microsoft Windows 2000 RunAs service allows local attacker to bypass pipe authentication
15461| [7531] Microsoft Windows 2000 RunAs service reveals sensitive information
15462| [7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service
15463| [7409] Microsoft Windows 2000 and Windows XP GDI denial of service
15464| [7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service
15465| [7008] Microsoft Windows 2000 IrDA device denial of service
15466| [6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service
15467| [6931] Microsoft Windows 2000 without Service Pack 2
15468| [6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process
15469| [6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service
15470| [6876] Microsoft Windows 2000 could allow an attacker to change network passwords
15471| [6803] Microsoft Windows 2000 SMTP service allows mail relaying
15472| [6745] Microsoft Windows 2000 LDAP function could allow domain user password change
15473| [6669] Microsoft Windows 2000 Telnet system call denial of service
15474| [6668] Microsoft Windows 2000 Telnet handle leak denial of service
15475| [6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service
15476| [6666] Microsoft Windows 2000 Telnet username denial of service
15477| [6665] Microsoft Windows 2000 Telnet service weak domain authentication
15478| [6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges
15479| [6652] Microsoft Exchange 2000 OWA script execution
15480| [6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges
15481| [6506] Microsoft Windows 2000 Server Kerberos denial of service
15482| [6443] Microsoft Windows 2000 catalog file could remove installed hotfixes
15483| [6160] Microsoft Windows 2000 event viewer buffer overflow
15484| [6136] Microsoft Windows 2000 domain controller denial of service
15485| [6035] Microsoft Windows 2000 Server RDP denial of service
15486| [5973] Microsoft Windows 2000 EFS allows local user to recover sensitive data
15487| [5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password
15488| [5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information
15489| [5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow
15490| [5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service
15491| [5585] Microsoft Windows 2000 brute force attack
15492| [5502] Microsoft Windows 2000 Indexing Services ixsso.query
15493| [5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow
15494| [5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow
15495| [5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition
15496| [5263] Microsoft Office 2000 executes .dll without users knowledge
15497| [5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness
15498| [5222] Microsoft Windows 2000 malformed RPC packet denial of service
15499| [5203] Microsoft Windows 2000 still image service
15500| [5171] Microsoft Windows 2000 Local Security Policy corruption
15501| [5080] Microsoft Office 2000 HTML object tag buffer overflow
15502| [5033] Microsoft Windows 2000 without Service Pack 1
15503| [5031] Microsoft Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges
15504| [5015] Microsoft Windows NT and 2000 executable path
15505| [4887] Microsoft Windows 2000 Kerberos ticket renewed
15506| [4886] Microsoft Windows 2000 logon session reconnected
15507| [4885] Microsoft Windows 2000 logon session disconnected
15508| [4882] Microsoft Windows 2000 Kerberos pre-authentication failed
15509| [4873] Microsoft Windows 2000 user account mapped for logon
15510| [4872] Microsoft Windows 2000 account logon failed
15511| [4871] Microsoft Windows 2000 account used for logon
15512| [4855] Microsoft Windows 2000 group type change
15513| [4842] Microsoft Internet Explorer and Microsoft Powerpoint 2000 ActiveX object execution
15514| [4841] Microsoft Internet Explorer and Microsoft Access 2000 VBA code execution
15515| [4823] Microsoft Windows 2000 Telnet server binary stream denial of service
15516| [4819] Microsoft Windows 2000 default SYSKEY configuration
15517| [4787] Microsoft Windows 2000 user account locked out
15518| [4786] Microsoft Windows 2000 computer account created
15519| [4785] Microsoft Windows 2000 computer account changed
15520| [4784] Microsoft Windows 2000 computer account deleted
15521| [4714] Microsoft Windows 2000 "
15522| [4589] Microsoft Windows 2000 protected store can be compromised by brute force attack
15523| [4278] Microsoft Windows 2000 unattended install does not secure All Users profile
15524| [4138] Microsoft Windows 2000 system file integrity feature is disabled
15525| [4086] Microsoft Windows 2000 may not start Jaz drives correctly
15526| [4085] Microsoft Windows 2000 non-Gregorial calendar error
15527| [4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats
15528| [4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML
15529| [4082] Microsoft Windows 2000 and Iomega parallel port drives display error
15530| [4080] Microsoft Windows 2000 AOL image support
15531| [4079] Microsoft Windows 2000 High Encryption Pack
15532| [3854] Microsoft Office 2000 security setting
15533| [1376] Microsoft Proxy 2.0 denial of service
15534| [86256] Microsoft Windows Knowledge Base Article 2876063 update is not installed
15535| [86097] Microsoft Windows Knowledge Base Article 2859537 update is not installed
15536| [86091] Microsoft Windows Knowledge Base Article 2868623 update is not installed
15537| [86089] Microsoft Windows Knowledge Base Article 2862772 update is not installed
15538| [86075] Microsoft Windows Knowledge Base Article 2850869 update is not installed
15539| [86073] Microsoft Windows Knowledge Base Article 2873872 update is not installed
15540| [86070] Microsoft Windows Knowledge Base Article 2849568 update is not installed
15541| [85245] Microsoft Windows Knowledge Base Article 2848295 update is not installed
15542| [85244] Microsoft Windows Knowledge Base Article 2847927 update is not installed
15543| [85243] Microsoft Windows Knowledge Base Article 2861561 update is not installed
| [85236] Microsoft Windows Knowledge Base Article 2850851 update is not installed
| [85227] Microsoft Windows Knowledge Base Article 2847883 update is not installed
| [85223] Microsoft Windows Knowledge Base Article 2846071 update is not installed
| [85205] Microsoft Windows Knowledge Base Article 2845187 update is not installed
| [84621] Microsoft Windows Knowledge Base Article 2845690 update is not installed
| [84619] Microsoft Windows Knowledge Base Article 2839894 update is not installed
| [84617] Microsoft Windows Knowledge Base Article 2839571 update is not installed
| [84615] Microsoft Windows Knowledge Base Article 2839229 update is not installed
| [84613] Microsoft Windows Knowledge Base Article 2838727 update is not installed
| [84156] Microsoft Windows Knowledge Base Article 2847204 update is not installed
| [83912] Microsoft Windows Knowledge Base Article 2829254 update is not installed
| [83910] Microsoft Windows Knowledge Base Article 2829530 update is not installed
| [83898] Microsoft Windows Knowledge Base Article 2830397 update is not installed
| [83886] Microsoft Windows Knowledge Base Article 2830399 update is not installed
| [83884] Microsoft Windows Knowledge Base Article 2834692 update is not installed
| [83882] Microsoft Windows Knowledge Base Article 2834695 update is not installed
| [83880] Microsoft Windows Knowledge Base Article 2836440 update is not installed
| [83876] Microsoft Windows Knowledge Base Article 2840221 update is not installed
| [83192] Microsoft Windows Knowledge Base Article 2817183 update is not installed
| [83100] Microsoft Windows Knowledge Base Article 2830914 update is not installed
| [83098] Microsoft Windows Knowledge Base Article 2829996 update is not installed
| [83093] Microsoft Windows Knowledge Base Article 2828223 update is not installed
| [83091] Microsoft Windows Knowledge Base Article 2813170 update is not installed
| [83088] Microsoft Windows Knowledge Base Article 2827663 update is not installed
| [83086] Microsoft Windows Knowledge Base Article 2823482 update is not installed
| [83084] Microsoft Windows Knowledge Base Article 2821818 update is not installed
| [83082] Microsoft Windows Knowledge Base Article 2820917 update is not installed
| [82600] Microsoft Windows Knowledge Base Article 2813707 update is not installed
| [82424] Microsoft Windows Knowledge Base Article 2814124 update is not installed
| [82422] Microsoft Windows Knowledge Base Article 2780176 update is not installed
| [82401] Microsoft Windows Knowledge Base Article 2813682 update is not installed
| [82399] Microsoft Windows Knowledge Base Article 2816264 update is not installed
| [81683] Microsoft Windows Knowledge Base Article 2780091 update is not installed
| [81681] Microsoft Windows Knowledge Base Article 2784242 update is not installed
| [81680] Microsoft Windows Knowledge Base Article 2790113 update is not installed
| [81678] Microsoft Windows Knowledge Base Article 2790655 update is not installed
| [81676] Microsoft Windows Knowledge Base Article 2790978 update is not installed
| [81674] Microsoft Windows Knowledge Base Article 2797052 update is not installed
| [81672] Microsoft Windows Knowledge Base Article 2799494 update is not installed
| [81666] Microsoft Windows Knowledge Base Article 2778344 update is not installed
| [81634] Microsoft Windows Knowledge Base Article 2792100 update is not installed
| [81339] Microsoft Windows Knowledge Base Article 2799329 update is not installed
| [80875] Microsoft Windows Knowledge Base Article 2756145 update is not installed
| [80872] Microsoft Windows Knowledge Base Article 2769324 update is not installed
| [80867] Microsoft Windows Knowledge Base Article 2769327 update is not installed
| [80865] Microsoft Windows Knowledge Base Article 2769369 update is not installed
| [80863] Microsoft Windows Knowledge Base Article 2778930 update is not installed
| [80861] Microsoft Windows Knowledge Base Article 2785220 update is not installed
| [80365] Microsoft Windows Knowledge Base Article 2761465 update is not installed
| [80360] Microsoft Windows Knowledge Base Article 2765809 update is not installed
| [80358] Microsoft Windows Knowledge Base Article 2770660 update is not installed
| [80356] Microsoft Windows Knowledge Base Article 2780642 update is not installed
| [80352] Microsoft Windows Knowledge Base Article 2783534 update is not installed
| [80349] Microsoft Windows Knowledge Base Article 2784126 update is not installed
| [79693] Microsoft Windows Knowledge Base Article 2745030 update is not installed
| [79687] Microsoft Windows Knowledge Base Article 2761451 update is not installed
| [79683] Microsoft Windows Knowledge Base Article 2761226 update is not installed
| [79679] Microsoft Windows Knowledge Base Article 2758857 update is not installed
| [79677] Microsoft Windows Knowledge Base Article 2727528 update is not installed
| [78864] Microsoft Windows Knowledge Base Article 2754670 update is not installed
| [78862] Microsoft Windows Knowledge Base Article 2743555 update is not installed
| [78858] Microsoft Windows Knowledge Base Article 2754849 update is not installed
| [78856] Microsoft Windows Knowledge Base Article 2724197 update is not installed
| [78853] Microsoft Windows Knowledge Base Article 2741517 update is not installed
| [78851] Microsoft Windows Knowledge Base Article 2742319 update is not installed
| [78848] Microsoft Windows Knowledge Base Article 2742321 update is not installed
| [78760] Microsoft Windows Knowledge Base Article 2744842 update is not installed
| [78077] Microsoft Windows Knowledge Base Article 2741528 update is not installed
| [78075] Microsoft Windows Knowledge Base Article 2720184 update is not installed
| [78071] Microsoft Windows Knowledge Base Article 2748552 update is not installed
| [77512] Microsoft Windows Knowledge Base Article 2740358 update is not installed
| [77362] Microsoft Windows Knowledge Base Article 2733918 update is not installed
| [77360] Microsoft Windows Knowledge Base Article 2733829 update is not installed
| [77357] Microsoft Windows Knowledge Base Article 2733594 update is not installed
| [77352] Microsoft Windows Knowledge Base Article 2731879 update is not installed
| [77350] Microsoft Windows Knowledge Base Article 2731847 update is not installed
| [77348] Microsoft Windows Knowledge Base Article 2723135 update is not installed
| [77346] Microsoft Windows Knowledge Base Article 2722913 update is not installed
| [77342] Microsoft Windows Knowledge Base Article 2720573 update is not installed
| [77325] Microsoft Windows Knowledge Base Article 2719584 update is not installed
| [76808] Microsoft Windows Knowledge Base Article 2721015 update is not installed
| [76725] Microsoft Windows Knowledge Base Article 2722479 update is not installed
| [76724] Microsoft Windows Knowledge Base Article 2719177 update is not installed
| [76721] Microsoft Windows Knowledge Base Article 2718523 update is not installed
| [76718] Microsoft Windows Knowledge Base Article 2698365 update is not installed
| [76711] Microsoft Windows Knowledge Base Article 2695502 update is not installed
| [76704] Microsoft Windows Knowledge Base Article 2691442 update is not installed
| [76702] Microsoft Windows Knowledge Base Article 2655992 update is not installed
| [75963] Microsoft Windows Knowledge Base Article 2699988 update is not installed
| [75939] Microsoft Windows Knowledge Base Article 2685939 update is not installed
| [75928] Microsoft Windows Knowledge Base Article 2711167 update is not installed
| [75136] Microsoft Windows Knowledge Base Article 2693777 update is not installed
| [75132] Microsoft Windows Knowledge Base Article 2690533 update is not installed
| [75130] Microsoft Windows Knowledge Base Article 2688338 update is not installed
| [75127] Microsoft Windows Knowledge Base Article 2681578 update is not installed
| [75123] Microsoft Windows Knowledge Base Article 2680352 update is not installed
| [75116] Microsoft Windows Knowledge Base Article 2597981 update is not installed
| [74556] Microsoft Windows Knowledge Base Article 2639185 update is not installed
| [74384] Microsoft Windows Knowledge Base Article 2675157 update is not installed
| [74378] Microsoft Windows Knowledge Base Article 2671605 update is not installed
| [74373] Microsoft Windows Knowledge Base Article 2664258 update is not installed
| [74369] Microsoft Windows Knowledge Base Article 2663860 update is not installed
| [73543] Microsoft Windows Knowledge Base Article 2671387 update is not installed
| [73540] Microsoft Windows Knowledge Base Article 2665364 update is not installed
| [73538] Microsoft Windows Knowledge Base Article 2651019 update is not installed
| [73536] Microsoft Windows Knowledge Base Article 2651018 update is not installed
| [73533] Microsoft Windows Knowledge Base Article 2647170 update is not installed
| [73530] Microsoft Windows Knowledge Base Article 2641653 update is not installed
| [72887] Microsoft Windows Knowledge Base Article 2663841 update is not installed
| [72873] Microsoft Windows Knowledge Base Article 2663830 update is not installed
| [72867] Microsoft Windows Knowledge Base Article 2663510 update is not installed
| [72857] Microsoft Windows Knowledge Base Article 2661637 update is not installed
| [72855] Microsoft Windows Knowledge Base Article 2660465 update is not installed
| [72853] Microsoft Windows Knowledge Base Article 2653956 update is not installed
| [72851] Microsoft Windows Knowledge Base Article 2654428 update is not installed
| [72849] Microsoft Windows Knowledge Base Article 2651026 update is not installed
| [72846] Microsoft Windows Knowledge Base Article 2647516 update is not installed
| [72841] Microsoft Windows Knowledge Base Article 2645640 update is not installed
| [72838] Microsoft Windows Knowledge Base Article 2643719 update is not installed
| [72029] Microsoft Windows Knowledge Base Article 2638420 update is not installed
| [72003] Microsoft Windows Knowledge Base Article 2646524 update is not installed
| [71998] Microsoft Windows Knowledge Base Article 2644615 update is not installed
| [71995] Microsoft Windows Knowledge Base Article 2643584 update is not installed
| [71994] Microsoft Windows Knowledge Base Article 2636391 update is not installed
| [71565] Microsoft Windows Knowledge Base Article 2648048 update is not installed
| [71562] Microsoft Windows Knowledge Base Article 2640241 update is not installed
| [71560] Microsoft Windows Knowledge Base Article 2640045 update is not installed
| [71558] Microsoft Windows Knowledge Base Article 2639417 update is not installed
| [71557] Microsoft Windows Knowledge Base Article 2639142 update is not installed
| [71554] Microsoft Windows Knowledge Base Article 2633171 update is not installed
| [71552] Microsoft Windows Knowledge Base Article 2624667 update is not installed
| [71550] Microsoft Windows Knowledge Base Article 2620712 update is not installed
| [71548] Microsoft Windows Knowledge Base Article 2618451 update is not installed
| [71546] Microsoft Windows Knowledge Base Article 2618444 update is not installed
| [71538] Microsoft Windows Knowledge Base Article 2590602 update is not installed
| [70951] Microsoft Windows Knowledge Base Article 2630837 update is not installed
| [70949] Microsoft Windows Knowledge Base Article 2620704 update is not installed
| [70947] Microsoft Windows Knowledge Base Article 2617657 update is not installed
| [70943] Microsoft Windows Knowledge Base Article 2588516 update is not installed
| [70152] Microsoft Windows Knowledge Base Article 2623699 update is not installed
| [70140] Microsoft Windows Knowledge Base Article 2652016 update is not installed
| [70130] Microsoft Windows Knowledge Base Article 2586448 update is not installed
| [70115] Microsoft Windows Knowledge Base Article 2567053 update is not installed
| [69501] Microsoft Windows Knowledge Base Article 2587634 update is not installed
| [69498] Microsoft Windows Knowledge Base Article 2587505 update is not installed
| [69492] Microsoft Windows Knowledge Base Article 2571621 update is not installed
| [69490] Microsoft Windows Knowledge Base Article 2570947 update is not installed
| [68840] Microsoft Windows Knowledge Base Article 2451858 update is not installed
| [68833] Microsoft Windows Knowledge Base Article 2567943 update is not installed
| [68831] Microsoft Windows Knowledge Base Article 2570222 update is not installed
| [68829] Microsoft Windows Knowledge Base Article 2567951 update is not installed
| [68827] Microsoft Windows Knowledge Base Article 2578230 update is not installed
| [68825] Microsoft Windows Knowledge Base Article 2546250 update is not installed
| [68823] Microsoft Windows Knowledge Base Article 2559049 update is not installed
| [68816] Microsoft Windows Knowledge Base Article 2556532 update is not installed
| [68814] Microsoft Windows Knowledge Base Article 2560656 update is not installed
| [68812] Microsoft Windows Knowledge Base Article 2560978 update is not installed
| [68809] Microsoft Windows Knowledge Base Article 2562485 update is not installed
| [68806] Microsoft Windows Knowledge Base Article 2566454 update is not installed
| [68804] Microsoft Windows Knowledge Base Article 2563894 update is not installed
| [68801] Microsoft Windows Knowledge Base Article 2567680 update is not installed
| [68315] Microsoft Windows Knowledge Base Article 2555917 update is not installed
| [68299] Microsoft Windows Knowledge Base Article 2566220 update is not installed
| [68283] Microsoft Windows Knowledge Base Article 2560847 update is not installed
| [67955] Microsoft Windows Knowledge Base Article 2530548 update is not installed
| [67943] Microsoft Windows Knowledge Base Article 2544521 update is not installed
| [67762] Microsoft Windows Knowledge Base Article 2543893 update is not installed
| [67759] Microsoft Windows Knowledge Base Article 2544893 update is not installed
| [67757] Microsoft Windows Knowledge Base Article 2476490 update is not installed
| [67753] Microsoft Windows Knowledge Base Article 2514842 update is not installed
| [67751] Microsoft Windows Knowledge Base Article 2518295 update is not installed
| [67737] Microsoft Windows Knowledge Base Article 2520426 update is not installed
| [67733] Microsoft Windows Knowledge Base Article 2525694 update is not installed
| [67731] Microsoft Windows Knowledge Base Article 2525835 update is not installed
| [67728] Microsoft Windows Knowledge Base Article 2535512 update is not installed
| [67725] Microsoft Windows Knowledge Base Article 2536275 update is not installed
| [67722] Microsoft Windows Knowledge Base Article 2536276 update is not installed
| [67718] Microsoft Windows Knowledge Base Article 2537146 update is not installed
| [67709] Microsoft Windows Knowledge Base Article 2538814 update is not installed
| [67302] Microsoft Windows Knowledge Base Article 2545814 update is not installed
| [67101] Microsoft Windows Knowledge Base Article 2524426 update is not installed
| [66446] Microsoft Windows Knowledge Base Article 2514666 update is not installed
| [66444] Microsoft Windows Knowledge Base Article 2511455 update is not installed
| [66436] Microsoft Windows Knowledge Base Article 2497640 update is not installed
| [66432] Microsoft Windows Knowledge Base Article 2527308 update is not installed
| [66428] Microsoft Windows Knowledge Base Article 2489979 update is not installed
| [66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation
| [66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation
| [66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation
| [66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation
| [66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation
| [66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation
| [66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation
| [66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation
| [66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation
| [66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation
| [66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege escalation
| [66394] Microsoft Windows Knowledge Base Article 2485663 update is not installed
| [65588] Microsoft Windows Knowledge Base Article 2489279 update is not installed
| [65581] Microsoft Windows Knowledge Base Article 2510030 update is not installed
| [65580] Microsoft Windows Knowledge Base Article 2489283 update is not installed
| [65575] Microsoft Windows Knowledge Base Article 2489293 update is not installed
| [65573] Microsoft Windows Knowledge Base Article 2494047 update is not installed
| [64973] Microsoft Windows Knowledge Base Article 2478960 update is not installed
| [64971] Microsoft Windows Knowledge Base Article 2479628 update is not installed
| [64927] Microsoft Windows Knowledge Base Article 2393802 update is not installed
| [64925] Microsoft Windows Knowledge Base Article 2451879 update is not installed
| [64920] Microsoft Windows Knowledge Base Article 2475792 update is not installed
| [64918] Microsoft Windows Knowledge Base Article 2476687 update is not installed
| [64916] Microsoft Windows Knowledge Base Article 2478953 update is not installed
| [64914] Microsoft Windows Knowledge Base Article 2482017 update is not installed
| [64910] Microsoft Windows Knowledge Base Article 2483185 update is not installed
| [64909] Microsoft Windows Knowledge Base Article 2484015 update is not installed
| [64907] Microsoft Windows Knowledge Base Article 2485376 update is not installed
| [64905] Microsoft Windows Knowledge Base Article 2489256 update is not installed
| [64902] Microsoft Windows Knowledge Base Article 2496930 update is not installed
| [64342] Microsoft Windows Knowledge Base Article 2451910 update is not installed
| [64339] Microsoft Windows Knowledge Base Article 2478935 update is not installed
| [63584] Microsoft Windows Knowledge Base Article 2424434 update is not installed
| [63582] Microsoft Windows Knowledge Base Article 2423089 update is not installed
| [63580] Microsoft Windows Knowledge Base Article 2436673 update is not installed
| [63571] Microsoft Windows Knowledge Base Article 2440591 update is not installed
| [63569] Microsoft Windows Knowledge Base Article 2385678 update is not installed
| [63566] Microsoft Windows Knowledge Base Article 2442962 update is not installed
| [63564] Microsoft Windows Knowledge Base Article 2345316 update is not installed
| [63562] Microsoft Windows Knowledge Base Article 2296199 update is not installed
| [63558] Microsoft Windows Knowledge Base Article 2416400 update is not installed
| [63550] Microsoft Windows Knowledge Base Article 2447961 update is not installed
| [63548] Microsoft Windows Knowledge Base Article 2443105 update is not installed
| [63546] Microsoft Windows Knowledge Base Article 2455005 update is not installed
| [63544] Microsoft Windows Knowledge Base Article 2292970 update is not installed
| [62805] Microsoft Windows Knowledge Base Article 2316074 update is not installed
| [62793] Microsoft Windows Knowledge Base Article 2293386 update is not installed
| [62789] Microsoft Windows Knowledge Base Article 2423930 update is not installed
| [62170] Microsoft Windows Knowledge Base Article 2296011 update is not installed
| [62166] Microsoft Windows Knowledge Base Article 2294255 update is not installed
| [62163] Microsoft Windows Knowledge Base Article 2281679 update is not installed
| [62154] Microsoft Windows Knowledge Base Article 2279986 update is not installed
| [62147] Microsoft Windows Knowledge Base Article 2160841 update is not installed
| [62134] Microsoft Windows Knowledge Base Article 2412048 update is not installed
| [62129] Microsoft Windows Knowledge Base Article 2387149 update is not installed
| [62126] Microsoft Windows Knowledge Base Article 2378111 update is not installed
| [62123] Microsoft Windows Knowledge Base Article 2360937 update is not installed
| [62118] Microsoft Windows Knowledge Base Article 2293211 update is not installed
| [62104] Microsoft Windows Knowledge Base Article 2360131 update is not installed
| [62098] Microsoft Windows Knowledge Base Article 2293194 update is not installed
| [62069] Microsoft Windows Knowledge Base Article 2418042 update is not installed
| [61519] Microsoft Windows Knowledge Base Article 2121546 update is not installed
| [61517] Microsoft Windows Knowledge Base Article 2259922 update is not installed
| [61514] Microsoft Windows Knowledge Base Article 2267960 update is not installed
| [61510] Microsoft Windows Knowledge Base Article 2315011 update is not installed
| [61507] Microsoft Windows Knowledge Base Article 2320113 update is not installed
| [61504] Microsoft Windows Knowledge Base Article 2347290 update is not installed
| [60736] Microsoft Windows Knowledge Base Article 2265906 update is not installed
| [60734] Microsoft Windows Knowledge Base Article 2269638 update is not installed
| [60728] Microsoft Windows Knowledge Base Article 2269707 update is not installed
| [60724] Microsoft Windows Knowledge Base Article 2286198 update is not installed
| [60713] Microsoft Windows Knowledge Base Article 2183461 update is not installed
| [60698] Microsoft Windows Knowledge Base Article 2160329 update is not installed
| [60686] Microsoft Windows Knowledge Base Article 2115168 update is not installed
| [60684] Microsoft Windows Knowledge Base Article 2079403 update is not installed
| [60680] Microsoft Windows Knowledge Base Article 2264072 update is not installed
| [59901] Microsoft Windows Knowledge Base Article 2229593 update is not installed
| [59898] Microsoft Windows Knowledge Base Article 2229593 update is not installed
| [58913] Microsoft Windows Knowledge Base Article 2027452 update is not installed
| [58891] Microsoft Windows Knowledge Base Article 2028554 update is not installed
| [17004] Microsoft Windows XP Service Pack 2 is not installed on the system
| [9187] Microsoft Passport SDK 2.1 Component Configuration Document (CCD) permission
| [9146] Microsoft Passport SDK 2.1 events reporting disabled
| [9068] Microsoft Passport SDK 2.1 registry default permission exposure
| [9067] Microsoft Passport SDK 2.1 default test site exposure
| [9066] Microsoft Passport SDK 2.1 Adventure Works Sample Site exposure
| [9065] Microsoft Passport SDK 2.1 Adventure Works Sample Site global.asa file default permission exposure
| [9064] Microsoft Passport SDK 2.1 default time window exposure
| [1271] Microsoft IIS version 2 installed
| [621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
|
| Exploit-DB - https://www.exploit-db.com:
| [30756] Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
| [30749] Microsoft Office 2003 Web Component Memory Access Violation Denial of Service Vulnerability
| [30636] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2)
| [30635] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1)
| [30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities
| [29664] Microsoft Office Publisher 2007 - Remote Denial of Service (DoS) Vulnerability
| [29660] Microsoft Office 2003 - Denial of Service (DoS) Vulnerability
| [29630] Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability
| [29524] Microsoft Word 2000 - Malformed Function Code Execution Vulnerability
| [28420] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
| [28357] Microsoft Windows Explorer 2000/2003/XP Drag and Drop Remote Code Execution Vulnerability
| [28227] Microsoft Windows 2000/XP Registry Access Local Denial of Service Vulnerability
| [28226] Microsoft PowerPoint 2003 PPT File Closure Memory Corruption
| [28225] Microsoft PowerPoint 2003 powerpnt.exe Unspecified Issue
| [28224] Microsoft PowerPoint 2003 mso.dll PPT Processing Unspecified Code Execution
| [28198] Microsoft Office 2000/2002 Property Code Execution Vulnerability
| [28189] Microsoft Excel 2000-2004 Style Handling and Repair Remote Code Execution Vulnerability
| [28087] Microsoft Office 2003 Embedded Shockwave Flash Object Security Bypass Weakness
| [28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
| [26690] Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability
| [26517] Microsoft Office PowerPoint 2007 - Crash PoC
| [26341] Microsoft Windows 2000/2003/XP MSDTC TIP Denial of Service Vulnerability
| [26222] Microsoft Windows 2000/2003/XP Keyboard Event Privilege Escalation Weakness
| [25384] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (2)
| [25383] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1)
| [25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
| [25085] Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability
| [25084] Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability
| [25050] Microsoft Windows 2000/2003/XP winhlp32 Phrase Heap Overflow Vulnerability
| [25049] Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability
| [24686] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
| [24277] Microsoft Windows 2000/NT 4 POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability
| [24114] Microsoft Outlook 2003Mail Client E-mail Address Verification Weakness
| [24101] Microsoft Outlook 2003 Predictable File Location Weakness
| [23989] Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability
| [23796] Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
| [23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
| [22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
| [22883] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)
| [22882] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)
| [22837] Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow
| [22782] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
| [22591] Microsoft Office Excel 2007 - WriteAV Crash PoC
| [22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection
| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
| [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
| [22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
| [22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
| [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
| [21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability
| [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
| [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
| [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
| [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
| [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
| [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
| [21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)
| [21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
| [21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
| [21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
| [21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2)
| [21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1)
| [21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2)
| [21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1)
| [21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
| [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
| [21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
| [21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
| [21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
| [20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability
| [20802] Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability
| [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
| [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
| [20481] Microsoft IIS 2.0/3.0 Appended Dot Script Source Disclosure Vulnerability
| [20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
| [20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability
| [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
| [20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
| [20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
| [20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
| [20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
| [20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
| [20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
| [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
| [20096] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability
| [20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability
| [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
| [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
| [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
| [19734] Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability
| [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
| [19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
| [19376] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability
| [19143] "Microsoft Windows ""April Fools 2001"" Vulnerability"
| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
| [18334] Microsoft Office 2003 Home/Pro 0day
| [18087] MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
| [18078] Microsoft Excel 2003 11.8335.8333 Use After Free
| [18067] Microsoft Excel 2007 SP2 Buffer Overwrite Exploit
| [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit"
| [14971] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow
| [14782] Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)
| [14746] Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)
| [14744] Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)
| [12450] Microsoft SharePoint Server 2007 XSS Vulnerability
| [10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution
| [4121] Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC
| [3973] Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit
| [3690] microsoft office word 2007 - Multiple Vulnerabilities
| [3260] Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
| [2523] Microsoft Office 2003 PPT Local Buffer Overflow PoC
| [2091] Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french)
| [2001] Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability
| [1999] Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC
| [1988] Microsoft Excel 2003 Hlink Local Buffer Overflow Exploit (italian)
| [1986] Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french)
| [1958] Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit
| [28238] Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067
| [23034] Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness
| [22850] Microsoft Office OneNote 2010 Crash PoC
| [22679] Microsoft Visio 2010 Crash PoC
| [22655] Microsoft Publisher 2013 Crash PoC
| [22621] Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability
| [22330] Microsoft Office Excel 2010 Crash PoC
| [22310] Microsoft Office Publisher 2010 Crash PoC
| [22237] Microsoft Office Picture Manager 2010 Crash PoC
| [22215] Microsoft Office Word 2010 Crash PoC
| [19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability
| [19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability
| [19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability
| [17164] Microsoft Reader <= 2.1.1.3143 NULL Byte Write
| [17163] Microsoft Reader <= 2.1.1.3143 Array Overflow
15957| [17162] Microsoft Reader <= 2.1.1.3143 Integer Overflow
15958| [17161] Microsoft Reader <= 2.1.1.3143 Heap Overflow
15959| [17160] Microsoft Reader <= 2.1.1.3143 Integer Overflow
15960| [14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
15961| [14723] Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)
15962|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
|
| SecurityTracker - https://www.securitytracker.com:
| [1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
| [1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users
| [1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
| [1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
| [1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
| [1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users
| [1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server
| [1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
| [1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
| [1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
| [1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
| [1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
| [1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
| [1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
| [1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
| [1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System
| [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
| [1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes
| [1006280] Protegrity Secure.Data for Microsoft SQL Server 2000 Contains Buffer Oveflows That Let Remote Users Execute Arbitrary Code
| [1005254] Microsoft NT, 2000, and XP Operating Systems May Execute a 16-bit Application Even When The File Has No Execute Permissions
| [1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited
| [1004587] Microsoft SQL Server 2000 Buffer Overflow in OpenDataSource() Function May Let Remote Users Gain SYSTEM Privileges on the Server
| [1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks
| [1004527] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains a Buffer Overflow That Lets Remote Users Take Full Control of the System
| [1004407] Microsoft Exchange 2000 Flaw in Processing a Certain Malformed SMTP Command Allows Remote Users to Deny Service to the Server
| [1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges
| [1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending Malformed Packets
| [1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded
| [1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges
| [1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users
| [1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress
| [1003688] Microsoft Exchange Server 2000 Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
| [1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
| [1003634] Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files
| [1003629] Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server
| [1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges
| [1003469] Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings
| [1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains
| [1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users
| [1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address
| [1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users
| [1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
| [1002729] Microsoft Windows 2000 RunAs Service Allows Local Users to Disable the Service
| [1002356] Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
| [1002206] Microsoft Internet Security and Acceleration (ISA) Server 2000 Can Be Disrupted By Remote Users Due to Memory Leaks and Also Allows Cross-Site Scripting Attacks
| [1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System
| [1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users
| [1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak
| [1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance
| [1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service
| [1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL
| [1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server
| [1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges
| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
| [1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files
| [1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users
| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
| [1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations
| [1001088] Microsoft Internet Explorer with Services for Unix 2.0 Can Create Malicious Files on the User's Host
|
| OSVDB - http://www.osvdb.org:
| [90257] Microsoft Windows Server 2003 ICACLS.EXE Permission Inheritance Weakness
| [86790] Microsoft Virtual PC 2007 Crafted x86 Instruction Sequence Handling Local DoS
| [86061] Microsoft Windows Server 2008 R1 CSRSS ReadConsole / CloseHandle Local DoS
| [79442] Microsoft Windows Server 2008 DNS Server Service Cache Update Policy Deleted Domain Name Resolving Weakness
| [72670] Microsoft Windows Server 2003 ActiveDirectory BROWSER ELECTION Remote Overflow
| [68554] Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permission Weakness
| [62251] Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS
| [60329] Microsoft Windows 2000 NetBIOS Continuation Packet Remote DoS
| [59733] Microsoft Windows 2000 Terminal Services Screensaver Screen Minimization Locking Weakness
| [59731] Microsoft Windows 2000 DCOM Client Alter Context Request Remote Information Disclosure
| [59730] Microsoft Windows 2000 Terminal Services Disconnect Feature Local Privilege Escalation
| [59514] Microsoft Windows 2000 Task Manager Uppercase Process Name Termination Weakness
| [59509] Microsoft Windows 2000 Encrypted File System Cleartext Backup File Local Disclosure
| [59346] Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS
| [55836] Microsoft ISA Server 2006 Radius OTP Security Bypass
| [53663] Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption
| [50589] Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow
| [37629] Microsoft Windows 2000 RPC Authentication Unspecified Information Disclosure
| [37628] Microsoft Windows 2000 RPC Authentication Crafted Request Remote DoS
| [36034] Microsoft Office 2000 Controllo ActiveX (OUACTRL.OCX) HelpPopup Method Overflow
| [34489] Microsoft Office 2003 Malformed WMF File Handling DoS
| [34488] Microsoft Excel 2003 XLS Handling Corrupt Format DoS
| [31251] Microsoft Office 2003 Brazilian Portuguese Grammar Checker Arbitrary Code Execution
| [29529] Microsoft Windows 2000 creator.dll ActiveX COM Object Memory Corruption
| [29528] Microsoft Windows 2000 msdxm.ocx ActiveX COM Object Memory Corruption
| [29527] Microsoft Windows 2000 myinfo.dll ActiveX COM Object Memory Corruption
| [29526] Microsoft Windows 2000 ciodm.dll ActiveX COM Object Memory Corruption
| [28539] Microsoft Word 2000 Unspecified Code Execution
| [24121] Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
| [24081] Microsoft Outlook 2003 Unspecified Malformed Word Attachment DoS
| [23484] Microsoft SQLServer 2000 sp_addalias Procedure Privileged Alias Creation
| [23234] Microsoft SQLServer 2000 Unspecified Invalid Client Buffer DoS
| [23231] Microsoft SQL Server 2000 SQL Profiler Multiple Method DoS
| [23205] Microsoft SQLServer 2000 Crafted Sort Command User Mode Scheduler (UMS) Bypass DoS
| [23203] Microsoft SQL Server 2000 Database Name Transact-SQL Statement Privilege Escalation
| [23202] Microsoft SQLServer 2000 sysmembers Virtual Table Query Overflow
| [23201] Microsoft SQL Server 2000 Dynamic Transact-SQL Statement Disclosure
| [23200] Microsoft SQLServer 2000 Encrypted Stored Procedure Dynamic Query Disclosure
| [21907] Microsoft Office InfoPath 2003 Mshtml.dll Form Handling DoS
| [21598] Microsoft Windows 2000 NetBIOS Port Malformed TCP Packet Parsing Remote DoS
| [20256] Microsoft Windows 2000 NTFS Volume Macintosh Client Directory Permission Modification
| [20222] Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure
| [20221] Microsoft Windows 2000 runas.exe Named Pipe Single Thread DoS
| [20220] Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure
| [20002] Microsoft Windows 2000 CHKDSK Fix Mode File ACL Failure
| [20001] Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure
| [20000] Microsoft Windows 2000 Domain Administrator Computer Lock Bypass
| [19999] Microsoft Windows 2000 FQDN Domain Login Password Expiry Bypass
| [19998] Microsoft Windows 2000 UPN Credentialed Login Group Policy Failure
| [19997] Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue
| [19996] Microsoft Windows 2000 Event ID 1704 Group Policy Failure
| [19995] Microsoft Windows 2000 SECEDIT Long Folder ACL Set Issue
| [19994] Microsoft Windows 2000 audit directory service access 565 Event Logging Failure
| [19993] Microsoft Windows 2000 LDAPS CA Trust Issue
| [19264] Microsoft Exchange Server 2003 Crafted IMAP4 Folder Listing Request DoS
| [17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS
| [15343] Microsoft Windows Server 2003 Malformed HTTP Cookie Header CGI DoS
| [15341] Microsoft Windows Server 2003 SMB Redirector Processing DoS
| [15340] Microsoft Windows Server 2003 Terminal Service Client Print DoS
| [15338] Microsoft Windows Server 2003 Terminal Session Close DoS
| [15337] Microsoft Windows Server 2003 CreateProcessWithLogonW() Function Process Disclosure
| [15336] Microsoft Windows Server 2003 Shutdown.exe Shut Down Failure
| [15335] Microsoft Windows Server 2003 MIT Kerberos Realm Authentication Group Policy Failure
| [15334] Microsoft Windows Server 2003 Shared Folder Permission Weakness
| [15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
| [15332] Microsoft Windows Server 2003 Citrix Metaframe Encryption Policy Failure
| [15331] Microsoft Windows Server 2003 Home Folder Path Permission Inheritance Failure
| [14617] Microsoft Exchange Server 2003 Folder Handling DoS
| [14430] Microsoft Commerce Server 2000 Profile Service Affected API Overflow
| [13996] Microsoft Windows 2000 IKE Malformed Packet Saturation Remote DoS
| [13762] Microsoft 2000 Domain Controller Directory Service Restore Mode Blank Password
| [13761] Microsoft Exchange 2000 Malformed URL Request DoS
| [13475] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant
| [13474] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution
| [13441] Microsoft Windows 2000 Security Interface Change Password Option Account Enumeration
| [13437] Microsoft Windows 2000 Debug Register Local Privilege Escalation
| [13424] Microsoft Windows 2000 Current Password Change Policy Bypass
| [13423] Microsoft Windows 2000 Terminal Server SYSVOL Share Connection Saturation Restriction Bypass
| [13415] Microsoft Windows 2000 System Root Folder Search Path Permission Weakness
| [13410] Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution
| [11958] Microsoft Outlook 2003 Image Rendering Security Policy Bypass
| [11945] Microsoft Outlook 2002 IFRAME Tag Embedded URL
| [11944] Microsoft Outlook 2002 HREF Tag Embedded JavaScript Execution
| [11750] Microsoft Windows 2000 Message Queue Manager Queue Registration Request Overflow DoS
| [11712] Microsoft ISA Server 2000 H.323 Filter Overflow
| [10633] Microsoft Windows 2000 Protected Store Weak Encryption Default
| [9386] Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow
| [8243] Microsoft SMS Port 2702 DoS
| [7202] Microsoft PowerPoint 2000 File Loader Overflow
| [7179] Microsoft Windows 2000 Event Viewer Snap-in Overflow
| [6971] Microsoft ISA Server 2000 ICMP Rule Bypass During Startup
| [6970] Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure
| [6969] Microsoft ISA Server 2000 Invalid DNS Request DoS
| [6968] Microsoft ISA Server 2000 FTP Port Scan Bounce Weakness
| [6967] Microsoft ISA Server 2000 UDP Packet Winsock DoS
| [6965] Microsoft ISA Server 2000 SSL Packet DoS
| [6964] Microsoft ISA Server 2000 DNS Intrusion Detection Filter DoS
| [6515] Microsoft Windows 2000 Domain Expired Account Authentication
| [5179] Microsoft Windows 2000 microsoft-ds DoS
| [5171] Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script
| [4779] Microsoft Desktop Engine (MSDE) 2000 Stored Procedure SQL Injection
| [4778] Microsoft SQL Server 2000 Stored Procedure SQL Injection
| [4777] Microsoft Desktop Engine (MSDE) 2000 Database Consistency Checkers (DBCCs) Overflow
| [4776] Microsoft SQL Server 2000 Database Consistency Checkers (DBCCs) 2000 Overflow
| [4170] Microsoft Windows 2000 Server Media Services TCP Packet Handling Remote DoS
| [4168] Microsoft Outlook 2002 mailto URI Script Injection
| [3490] Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure
| [2705] Microsoft Windows 2000 Windows Troubleshooter ActiveX Overflow
| [2655] Microsoft Windows Server 2003 Shell Folders Arbitrary File Access
| [2540] Microsoft Windows 2003 Server Buffer Overflow Protection Mechanism Bypass
| [2244] Microsoft Windows 2000 ShellExecute() API Let
| [2237] Microsoft Windows 2000 Active Directory Lsass.exe Overflow
| [1949] Symantec Norton Anti-Virus for Microsoft Exchange 2000 INBOX Path Information Disclosure
| [1764] Microsoft Windows 2000 Domain Controller DoS
| [1758] Microsoft Windows 2000 Network DDE Escalated Privileges
| [1755] Microsoft Windows 2000 RDP Malformed Packet Handling Remote DoS
| [1672] Microsoft Windows 2000 Telnet Session Timeout DoS
| [1633] Microsoft Windows 2000 System Monitor ActiveX LogFileName Parameter Validation Overflow
| [1621] Microsoft Indexing Services for Windows 2000 .htw XSS
| [1591] Microsoft Windows 2000 OEMPreinstall Installation Permission Weakness
| [1578] Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation
| [1500] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow
| [1437] Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS
| [1399] Microsoft Windows 2000 Windows Station Access
| [1328] Microsoft Office 2000 UA Control ActiveX (Ouactrl.ocx) Show Me Function Remote Code Execution
| [1297] Microsoft Windows 2000 Active Directory Object Attribute
| [1292] Microsoft Windows NT 4.0 / 2000 cmd.exe Buffer Overflow
| [773] Microsoft Windows 2000 Group Policy File Lock DoS
| [515] Microsoft Windows 2000 LDAP Server Arbitrary User Password Modification
| [454] Microsoft Windows 2000 NTLM Domain Account Lockout Policy Bypass
| [403] Microsoft Windows 2000 Still Image Service WM_USER Message Local Overflow
| [398] Microsoft Windows 2000 Malformed RPC Traffic Local Security Policy Corruption DoS
| [307] Microsoft FrontPage 2000 Server Extensions shtml.exe Path Disclosure
| [69085] Microsoft Office 2010 RTF File Handling pFragments Buffer Overflow Arbitrary Code
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at https://nmap.org/cgi-bin/submit.cgi?new-service :
Device type: general purpose
Running (JUST GUESSING): Linux 2.6.X (92%)
OS CPE: cpe:/o:linux:linux_kernel:2.6
Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (92%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 123.731 days (since Wed Apr 10 07:50:57 2019)
Network Distance: 2 hops
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: Broken little-endian incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

TRACEROUTE (using port 139/tcp)
HOP RTT ADDRESS
1 36.02 ms 10.251.200.1
2 36.00 ms fg.gov.sa (87.101.230.92)

NSE: Script Post-scanning.
Initiating NSE at 01:23
Completed NSE at 01:23, 0.00s elapsed
Initiating NSE at 01:23
Completed NSE at 01:23, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
######################################################################################################################################
Starting Nmap 7.70 ( https://nmap.org ) at 2019-08-12 01:23 EDT
NSE: Loaded 45 scripts for scanning.
NSE: Script Pre-scanning.
Initiating NSE at 01:23
Completed NSE at 01:23, 0.00s elapsed
Initiating NSE at 01:23
Completed NSE at 01:23, 0.00s elapsed
Initiating Parallel DNS resolution of 1 host. at 01:23
Completed Parallel DNS resolution of 1 host. at 01:23, 0.03s elapsed
Initiating UDP Scan at 01:23
Scanning fg.gov.sa (87.101.230.92) [15 ports]
Completed UDP Scan at 01:23, 1.86s elapsed (15 total ports)
Initiating Service scan at 01:23
Scanning 12 services on fg.gov.sa (87.101.230.92)
Service scan Timing: About 8.33% done; ETC: 01:42 (0:17:47 remaining)
Completed Service scan at 01:25, 102.60s elapsed (12 services on 1 host)
Initiating OS detection (try #1) against fg.gov.sa (87.101.230.92)
Initiating Traceroute at 01:25
Completed Traceroute at 01:25, 7.06s elapsed
Initiating Parallel DNS resolution of 1 host. at 01:25
Completed Parallel DNS resolution of 1 host. at 01:25, 0.00s elapsed
NSE: Script scanning 87.101.230.92.
Initiating NSE at 01:25
Completed NSE at 01:25, 7.25s elapsed
Initiating NSE at 01:25
Completed NSE at 01:25, 1.31s elapsed
Nmap scan report for fg.gov.sa (87.101.230.92)
Host is up (0.12s latency).

PORT STATE SERVICE VERSION
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
69/udp open|filtered tftp
88/udp open|filtered kerberos-sec
123/udp open|filtered ntp
137/udp filtered netbios-ns
138/udp filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
500/udp open|filtered isakmp
520/udp closed route
2049/udp open|filtered nfs
Device type: printer|broadband router|general purpose|media device|VoIP phone|WAP
Running: HP embedded, Linux 2.4.X|2.6.X, LifeSize embedded, ShoreTel embedded, Microsoft Windows 2003
OS CPE: cpe:/o:linux:linux_kernel:2.4.37 cpe:/o:linux:linux_kernel:2.4.21 cpe:/o:linux:linux_kernel:2.4 cpe:/h:shoretel:8800 cpe:/o:linux:linux_kernel:2.6.8 cpe:/o:microsoft:windows_server_2003:::enterprise
Too many fingerprints match this host to give specific OS details
Network Distance: 19 hops

TRACEROUTE (using port 137/udp)
HOP RTT ADDRESS
1 38.18 ms 10.251.200.1
2 ... 9
10 33.10 ms 10.251.200.1
11 ... 12
13 33.88 ms 10.251.200.1
14 34.16 ms 10.251.200.1
15 34.16 ms 10.251.200.1
16 34.15 ms 10.251.200.1
17 34.13 ms 10.251.200.1
18 34.10 ms 10.251.200.1
19 34.11 ms 10.251.200.1
20 32.17 ms 10.251.200.1
21 ... 28
29 33.50 ms 10.251.200.1
30 35.64 ms 10.251.200.1

NSE: Script Post-scanning.
Initiating NSE at 01:25
Completed NSE at 01:25, 0.00s elapsed
Initiating NSE at 01:25
Completed NSE at 01:25, 0.00s elapsed
Read data files from: /usr/bin/../share/nmap
OS and Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 123.29 seconds
 Raw packets sent: 115 (8.704KB) | Rcvd: 25 (3.046KB)
#######################################################################################################################################
 Anonymous JTSEC #OpSaudiArabia Full Recon #13