· 6 years ago · Nov 11, 2019, 08:05 AM
######################################################################################################################################
=======================================================================================================================================
Hostname: www.osym.gov.tr
ISP: Tellcom Iletisim Hizmetleri A.s.
Continent: Asia
Flag: TR
Country: Turkey
Country Code: TR
Region: Ankara
Local time: 11 Nov 2019 08:56 +03
City: Ankara
Postal Code: 06934
IP Address: 213.14.221.20
Latitude: 39.951
Longitude: 32.872
=======================================================================================================================================
######################################################################################################################################
> www.osym.gov.tr
Server: 185.93.180.131
Address: 185.93.180.131#53

Non-authoritative answer:
Name: www.osym.gov.tr
Address: 213.14.221.20
>
######################################################################################################################################
** Domain Name: osym.gov.tr

** Registrant:
 Ölçme Seçme ve Yerleştirme Merkezi
 Üniversiteler Mah.İhsan Doğramacı Cd.
 Bilkent,Çankaya
 Ankara,
 Türkiye
 halil.yesilcimen@osym.gov.tr
 + 90-312-2988156-
 + 90-312-2664643


** Administrative Contact:
NIC Handle : osv43-metu
Organization Name : Ölçme Seçme ve Yerleştirme Merkezi
Address : Üniversiteler Mah. İhsan Doğramacı Cd.
 Bilkent, Çankaya
 Ankara,06538
 Türkiye
Phone : + 90-312-2988156-
Fax : + 90-312-2664643-


** Technical Contact:
NIC Handle : osv43-metu
Organization Name : Ölçme Seçme ve Yerleştirme Merkezi
Address : Üniversiteler Mah. İhsan Doğramacı Cd.
 Bilkent, Çankaya
 Ankara,06538
 Türkiye
Phone : + 90-312-2988156-
Fax : + 90-312-2664643-


** Billing Contact:
NIC Handle : osv43-metu
Organization Name : Ölçme Seçme ve Yerleştirme Merkezi
Address : Üniversiteler Mah. İhsan Doğramacı Cd.
 Bilkent, Çankaya
 Ankara,06538
 Türkiye
Phone : + 90-312-2988156-
Fax : + 90-312-2664643-


** Domain Servers:
ns4.osym.gov.tr 212.175.138.221
ns5.osym.gov.tr 212.175.138.222
ns1.osym.gov.tr 213.14.221.101
ns2.osym.gov.tr 213.14.221.102

** Additional Info:
Created on..............: 1997-May-13.
Expires on..............: 2021-May-12.
######################################################################################################################################
[+] Target : www.osym.gov.tr

[+] IP Address : 213.14.221.20

[+] Headers :

[+] Cache-Control : private
[+] Content-Type : text/html; charset=utf-8
[+] Content-Encoding : gzip
[+] Vary : Accept-Encoding
[+] Set-Cookie : ASP.NET_SessionId=rwkinpdegvvy5z11kddd4n3l; path=/; HttpOnly
[+] HomePageAndLang : true_1
[+] Date : Mon, 11 Nov 2019 06:01:20 GMT
[+] Content-Length : 30293

[+] SSL Certificate Information :

[+] businessCategory : Government Entity
[+] serialNumber : GovernmentEntity
[+] jurisdictionCountryName : TR
[+] countryName : TR
[+] stateOrProvinceName : Ankara
[+] localityName : Cankaya
[+] streetAddress : Universiteler Mh. Ihsan Dogramaci Blv. No:3
[+] organizationalUnitName : Bilgi Guvenligi ve Yonetimi Daire Baskanligi
[+] organizationName : Olcme, Secme ve Yerlestirme Merkezi Baskanligi
[+] commonName : www.osym.gov.tr
[+] countryName : BE
[+] organizationName : GlobalSign nv-sa
[+] commonName : GlobalSign Extended Validation CA - SHA256 - G3
[+] Version : 3
[+] Serial Number : 26E24FA941D96B1E3E3425A2
[+] Not Before : Jul 13 15:46:20 2018 GMT
[+] Not After : Jul 13 15:46:20 2020 GMT
[+] OCSP : ('http://ocsp2.globalsign.com/gsextendvalsha2g3r3',)
[+] subject Alt Name : (('DNS', 'www.osym.gov.tr'), ('DNS', 'gis.osym.gov.tr'), ('DNS', 'sonuc.osym.gov.tr'), ('DNS', 'odeme.osym.gov.tr'), ('DNS', 'ais.osym.gov.tr'), ('DNS', 'owa.osym.gov.tr'), ('DNS', 'mail.osym.gov.tr'), ('DNS', 'autodiscover.osym.gov.tr'), ('DNS', 'osym.gov.tr'))
[+] CA Issuers : ('http://secure.globalsign.com/cacert/gsextendvalsha2g3r3.crt',)
[+] CRL Distribution Points : ('http://crl.globalsign.com/gs/gsextendvalsha2g3r3.crl',)

[+] Whois Lookup :

[+] NIR : None
[+] ASN Registry : ripencc
[+] ASN : 34984
[+] ASN CIDR : 213.14.221.0/24
[+] ASN Country Code : TR
[+] ASN Date : 1999-11-08
[+] ASN Description : TELLCOM-AS, TR
[+] cidr : 213.14.221.0/24
[+] name : OSYM-NET
[+] handle : LA6026-RIPE
[+] range : 213.14.221.0 - 213.14.221.255
[+] description : OSYM
[+] country : TR
[+] state : None
[+] city : None
[+] address : OSYM 06800/BILKENT ANKARA
[+] postal_code : None
[+] emails : None
[+] created : 2014-12-30T13:13:44Z
[+] updated : 2014-12-30T13:13:44Z

[+] Crawling Target...

[+] Looking for robots.txt........[ Found ]
[+] Extracting robots Links.......[ 0 ]
[+] Looking for sitemap.xml.......[ Found ]
[+] Extracting sitemap Links......[ 0 ]
[+] Extracting CSS Links..........[ 7 ]
[+] Extracting Javascript Links...[ 15 ]
[+] Extracting Internal Links.....[ 1 ]
[+] Extracting External Links.....[ 50 ]
[+] Extracting Images.............[ 7 ]

[+] Total Links Extracted : 80

[+] Dumping Links in /opt/FinalRecon/dumps/www.osym.gov.tr.dump
[+] Completed!
######################################################################################################################################
[+] Starting At 2019-11-11 01:01:34.954778
[+] Collecting Information On: http://www.osym.gov.tr/
[#] Status: 200
--------------------------------------------------
[+] Xss Protection Detected !
- Cache-Control: private
- Content-Type: text/html; charset=utf-8
- Content-Encoding: gzip
- Vary: Accept-Encoding
- Set-Cookie: ASP.NET_SessionId=3unqdsn00wwynz0qujlvvsos; path=/; HttpOnly; SameSite=strict
- HomePageAndLang: true_1
- X-FRAME-OPTIONS: SAMEORIGIN
- X-XSS-PROTECTION: 1;mode=block
- X-CONTENT-TYPE-OPTIONS: nosniff
- CONTENT-SECURITY-POLICY: default-src * 'unsafe-inline' 'unsafe-eval'
- Referrer-Policy: origin-when-cross-origin
- Date: Mon, 11 Nov 2019 06:01:36 GMT
- Content-Length: 30978
--------------------------------------------------
[#] Finding Location..!
[#] status: success
[#] country: Turkey
[#] countryCode: TR
[#] region: 06
[#] regionName: Ankara
[#] city: Ankara
[#] zip: 06934
[#] lat: 39.9511
[#] lon: 32.8718
[#] timezone: Europe/Istanbul
[#] isp: OSYM
[#] org:
[#] as: AS34984 TELLCOM ILETISIM HIZMETLERI A.S.
[#] query: 213.14.221.20
--------------------------------------------------
[x] Didn't Detect WAF Presence on: http://www.osym.gov.tr/
--------------------------------------------------
[#] Starting Reverse DNS
[-] Failed ! Fail
--------------------------------------------------
[!] Scanning Open Port
[#] 80/tcp open http
[#] 443/tcp open https
--------------------------------------------------
[+] Collecting Information Disclosure!
[#] Detecting sitemap.xml file
[!] sitemap.xml File Found: http://www.osym.gov.tr//sitemap.xml
[#] Detecting robots.txt file
[!] robots.txt File Found: http://www.osym.gov.tr//robots.txt
[#] Detecting GNU Mailman
[-] GNU Mailman App Not Detected!?
--------------------------------------------------
[+] Crawling Url Parameter On: http://www.osym.gov.tr/
--------------------------------------------------
[#] Searching Html Form !
[+] Html Form Discovered
[#] action: /
[#] class: None
[#] id: form2
[#] method: post
--------------------------------------------------
[!] Found 6 dom parameter
[#] http://www.osym.gov.tr//#
[#] http://www.osym.gov.tr//#
[#] http://www.osym.gov.tr//#
[#] http://www.osym.gov.tr//#yakindakiler
[#] http://www.osym.gov.tr//#gecmis-sorular
[#] http://www.osym.gov.tr//#surekli-duyurular
--------------------------------------------------
[-] No internal Dynamic Parameter Found!?
--------------------------------------------------
[!] 6 External Dynamic Parameter Discovered
[#] https://fonts.googleapis.com/css?family=Oswald:400,700,300&subset=latin,latin-ext
[#] https://play.google.com/store/apps/details?id=tr.gov.osym.osymmobil&hl=tr
[#] https://itunes.apple.com/us/app/osym-mobil/id1046300695?mt=8
[#] https://play.google.com/store/apps/details?id=tr.gov.osym.osymmobil&hl=tr
[#] https://itunes.apple.com/us/app/osym-mobil/id1046300695?mt=8
[#] https://www.cimer.gov.tr/?bim=CfDJ8CLd_u-3vtlEmchj_bWBwBfTaCuPqjY0VmQlqOC9a8y2fx3R-YNJA8B6776O_YT_f4HEi_bJ_UHNOL3dz_H6gECb8H2eDUfJiGcSW8lHfvtOirTeSf3u2kPKplwi80P2fnp3sVkDDZptZ4RALOloKJoUujKgpKqRQFITNOJDQ-hqtg_ji98ieSMBSzKDkqLpew
--------------------------------------------------
[!] 136 Internal links Discovered
--------------------------------------------------
[!] 4 External links Discovered
[#] https://tr-tr.facebook.com/OSYMBaskanligi
[#] https://twitter.com/osymbaskanligi
[#] https://www.youtube.com/channel/UCts6dvZTvwyaibUKHN0AYzA/featured
[#] http://webtest/TR,13560/osys-cikmis-sorular.html
--------------------------------------------------
[#] Mapping Subdomain..
[!] Found 53 Subdomain
--------------------------------------------------
[!] Done At 2019-11-11 01:02:19.878396
#######################################################################################################################################
[i] Scanning Site: http://www.osym.gov.tr



B A S I C I N F O
====================


[+] Site Title:
 ÖSYM • T.C. ÖLÇME, SEÇME VE YERLEŞTİRME MERKEZİ

[+] IP address: 213.14.221.20
[+] Web Server: Could Not Detect
[+] CMS: Could Not Detect
[+] Cloudflare: Not Detected
[+] Robots File: Found

-------------[ contents ]----------------
User-agent: *

Sitemap: http://www.osym.gov.tr/ANA-SAYFA/site-agaci
-----------[end of contents]-------------



G E O I P L O O K U P
=========================

[i] IP Address: 213.14.221.20
[i] Country: Turkey
[i] State:
[i] City:
[i] Latitude: 41.0214
[i] Longitude: 28.9948




H T T P H E A D E R S
=======================


[i] HTTP/1.1 200 OK
[i] Cache-Control: private
[i] Content-Type: text/html; charset=utf-8
[i] Set-Cookie: ASP.NET_SessionId=ulxsak3lbm2a0crbgaclik3q; path=/; HttpOnly
[i] HomePageAndLang: true_1
[i] Date: Mon, 11 Nov 2019 06:01:58 GMT
[i] Connection: keep-alive
[i] Content-Length: 172864




D N S L O O K U P
===================

osym.gov.tr. 3599 IN A 213.14.221.20
osym.gov.tr. 3599 IN NS ns2.osym.gov.tr.
osym.gov.tr. 3599 IN NS ns1.osym.gov.tr.
osym.gov.tr. 3599 IN SOA ns1.osym.gov.tr. osym.gov.tr. 2013102418 3600 600 1209600 3600
osym.gov.tr. 3599 IN MX 10 postamx.osym.gov.tr.
osym.gov.tr. 3599 IN TXT "1aJCOdSACpCMv2hWUZafWc863NVkxyW35Ma7fkTv3Cs="
osym.gov.tr. 3599 IN TXT "v=spf1 a mx a:postamx.osym.gov.tr a:osymsmtp.osym.gov.tr a:smtpapp.osym.gov.tr -all"
osym.gov.tr. 3599 IN TXT "e9TIbVJTM6ULHH8HWY+2851pUjU77rB0y1HdbCmpdEM="
osym.gov.tr. 3599 IN TXT "IxRF+DwPI4foe+Jk7sb1U6WNCJ0SHxzI3FT5cKrabYc="
osym.gov.tr. 3599 IN TXT "v=DMARC1; p=quarantine; sp=quarantine; rf=afrf; pct=100; ri=86400"
osym.gov.tr. 3599 IN RP murat.dorterler\@osym.gov.tr. .




S U B N E T C A L C U L A T I O N
====================================

Address = 213.14.221.20
Network = 213.14.221.20 / 32
Netmask = 255.255.255.255
Broadcast = not needed on Point-to-Point links
Wildcard Mask = 0.0.0.0
Hosts Bits = 0
Max. Hosts = 1 (2^0 - 0)
Host Range = { 213.14.221.20 - 213.14.221.20 }



N M A P P O R T S C A N
============================

Starting Nmap 7.70 ( https://nmap.org ) at 2019-11-11 06:02 UTC
Nmap scan report for osym.gov.tr (213.14.221.20)
Host is up (0.13s latency).
rDNS record for 213.14.221.20: www.xn--sym-rna.gov.tr

PORT     STATE    SERVICE
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
80/tcp   open     http
110/tcp  filtered pop3
143/tcp  filtered imap
443/tcp  open     https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 3.89 seconds



S U B - D O M A I N F I N D E R
==================================


[i] Total Subdomains Found : 52
######################################################################################################################################
[INFO] ------TARGET info------
[*] TARGET: http://www.osym.gov.tr/
[*] TARGET IP: 213.14.221.20
[INFO] NO load balancer detected for www.osym.gov.tr...
[*] DNS servers: ns1.osym.gov.tr.
[*] TARGET server:
[*] CC: TR
[*] Country: Turkey
[*] RegionCode: 06
[*] RegionName: Ankara
[*] City: Ankara
[*] ASN: AS35619
[*] BGP_PREFIX: 213.0.0.0/8
[*] ISP: ASN-BUEHL Kevin Buehl, VA
[INFO] DNS enumeration:
[*] ns1.osym.gov.tr 213.14.221.101
[*] ns2.osym.gov.tr 213.14.221.102
[INFO] Possible abuse mails are:
[*] abuse@osym.gov.tr
[*] abuse@superonline.com
[*] abuse@www.osym.gov.tr
[INFO] NO PAC (Proxy Auto Configuration) file FOUND
[ALERT] robots.txt file FOUND in http://www.osym.gov.tr/robots.txt
[INFO] Checking for HTTP status codes recursively from http://www.osym.gov.tr/robots.txt
[INFO] Status code Folders
[INFO] Starting FUZZing in http://www.osym.gov.tr/FUzZzZzZzZz...
[INFO] Status code Folders
[*] 200 http://www.osym.gov.tr/index
[*] 200 http://www.osym.gov.tr/images
[*] 200 http://www.osym.gov.tr/download
[*] 200 http://www.osym.gov.tr/2006
[*] 200 http://www.osym.gov.tr/news
[*] 200 http://www.osym.gov.tr/crack
[*] 200 http://www.osym.gov.tr/serial
[*] 200 http://www.osym.gov.tr/warez
[*] 200 http://www.osym.gov.tr/full
[*] 200 http://www.osym.gov.tr/12
[ALERT] Look in the source code. It may contain passwords
[INFO] Links found from http://www.osym.gov.tr/ http://213.14.221.20/:
1010cut: intervalle de champ incorrecte
1011Saisissez « cut --help » pour plus d'informations.
1012[INFO] Shodan detected the following opened ports on 213.14.221.20:
1013[*] 443
1014[*] 50
1015[INFO] ------VirusTotal SECTION------
1016[INFO] VirusTotal passive DNS only stores address records. The following domains resolved to the given IP address:
1017[INFO] Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset:
1018[INFO] Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided:
1019[INFO] ------Alexa Rank SECTION------
1020[INFO] Percent of Visitors Rank in Country:
1021[INFO] Percent of Search Traffic:
1022[INFO] Percent of Unique Visits:
1023[INFO] Total Sites Linking In:
1024[*] Total Sites
1025[INFO] Useful links related to www.osym.gov.tr - 213.14.221.20:
1026[*] https://www.virustotal.com/pt/ip-address/213.14.221.20/information/
1027[*] https://www.hybrid-analysis.com/search?host=213.14.221.20
1028[*] https://www.shodan.io/host/213.14.221.20
1029[*] https://www.senderbase.org/lookup/?search_string=213.14.221.20
1030[*] https://www.alienvault.com/open-threat-exchange/ip/213.14.221.20
1031[*] http://pastebin.com/search?q=213.14.221.20
1032[*] http://urlquery.net/search.php?q=213.14.221.20
1033[*] http://www.alexa.com/siteinfo/www.osym.gov.tr
1034[*] http://www.google.com/safebrowsing/diagnostic?site=www.osym.gov.tr
1035[*] https://censys.io/ipv4/213.14.221.20
1036[*] https://www.abuseipdb.com/check/213.14.221.20
1037[*] https://urlscan.io/search/#213.14.221.20
1038[*] https://github.com/search?q=213.14.221.20&type=Code
1039[INFO] Useful links related to AS35619 - 213.0.0.0/8:
1040[*] http://www.google.com/safebrowsing/diagnostic?site=AS:35619
1041[*] https://www.senderbase.org/lookup/?search_string=213.0.0.0/8
1042[*] http://bgp.he.net/AS35619
1043[*] https://stat.ripe.net/AS35619
1044[INFO] Date: 11/11/19 | Time: 01:04:02
1045[INFO] Total time: 2 minute(s) and 24 second(s)
1046######################################################################################################################################
1047Trying "osym.gov.tr"
1048;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37079
1049;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 2, ADDITIONAL: 2
1050
1051;; QUESTION SECTION:
1052;osym.gov.tr. IN ANY
1053
1054;; ANSWER SECTION:
1055osym.gov.tr. 3600 IN RP murat.dorterler\@osym.gov.tr. .
1056osym.gov.tr. 3600 IN TXT "e9TIbVJTM6ULHH8HWY+2851pUjU77rB0y1HdbCmpdEM="
1057osym.gov.tr. 3600 IN TXT "1aJCOdSACpCMv2hWUZafWc863NVkxyW35Ma7fkTv3Cs="
1058osym.gov.tr. 3600 IN TXT "IxRF+DwPI4foe+Jk7sb1U6WNCJ0SHxzI3FT5cKrabYc="
1059osym.gov.tr. 3600 IN TXT "v=spf1 a mx a:postamx.osym.gov.tr a:osymsmtp.osym.gov.tr a:smtpapp.osym.gov.tr -all"
1060osym.gov.tr. 3600 IN TXT "v=DMARC1; p=quarantine; sp=quarantine; rf=afrf; pct=100; ri=86400"
1061osym.gov.tr. 3600 IN MX 10 postamx.osym.gov.tr.
1062osym.gov.tr. 3600 IN SOA ns1.osym.gov.tr. osym.gov.tr. 2013102418 3600 600 1209600 3600
1063osym.gov.tr. 3600 IN A 213.14.221.20
1064osym.gov.tr. 3600 IN NS ns1.osym.gov.tr.
1065osym.gov.tr. 3600 IN NS ns2.osym.gov.tr.
1066
1067;; AUTHORITY SECTION:
1068osym.gov.tr. 3600 IN NS ns1.osym.gov.tr.
1069osym.gov.tr. 3600 IN NS ns2.osym.gov.tr.
1070
1071;; ADDITIONAL SECTION:
1072ns2.osym.gov.tr. 42907 IN A 213.14.221.102
1073ns1.osym.gov.tr. 42907 IN A 213.14.221.101
1074
1075Received 588 bytes from 2001:18c0:121:6900:724f:b8ff:fefd:5b6a#53 in 51 ms
1076######################################################################################################################################
1077
1078; <<>> DiG 9.11.5-P4-5.1+b1-Debian <<>> +trace osym.gov.tr any
1079;; global options: +cmd
1080. 79910 IN NS i.root-servers.net.
1081. 79910 IN NS e.root-servers.net.
1082. 79910 IN NS g.root-servers.net.
1083. 79910 IN NS m.root-servers.net.
1084. 79910 IN NS d.root-servers.net.
1085. 79910 IN NS h.root-servers.net.
1086. 79910 IN NS c.root-servers.net.
1087. 79910 IN NS j.root-servers.net.
1088. 79910 IN NS l.root-servers.net.
1089. 79910 IN NS b.root-servers.net.
1090. 79910 IN NS f.root-servers.net.
1091. 79910 IN NS k.root-servers.net.
1092. 79910 IN NS a.root-servers.net.
1094;; Received 525 bytes from 185.93.180.131#53(185.93.180.131) in 322 ms
1095
1096tr. 172800 IN NS ns21.nic.tr.
1097tr. 172800 IN NS ns22.nic.tr.
1098tr. 172800 IN NS ns31.nic.tr.
1099tr. 172800 IN NS ns41.nic.tr.
1100tr. 172800 IN NS ns42.nic.tr.
1101tr. 172800 IN NS ns91.nic.tr.
1102tr. 172800 IN NS ns92.nic.tr.
1103tr. 86400 IN NSEC trade. NS RRSIG NSEC
1105;; Received 715 bytes from 2001:500:a8::e#53(e.root-servers.net) in 25 ms
1106
1107osym.gov.tr. 43200 IN NS ns4.osym.gov.tr.
1108osym.gov.tr. 43200 IN NS ns5.osym.gov.tr.
1109osym.gov.tr. 43200 IN NS ns1.osym.gov.tr.
1110osym.gov.tr. 43200 IN NS ns2.osym.gov.tr.
1111;; Received 176 bytes from 31.210.155.2#53(ns31.nic.tr) in 583 ms
1112
1113osym.gov.tr. 3600 IN A 213.14.221.20
1114osym.gov.tr. 3600 IN NS ns1.osym.gov.tr.
1115osym.gov.tr. 3600 IN NS ns2.osym.gov.tr.
1116osym.gov.tr. 3600 IN SOA ns1.osym.gov.tr. osym.gov.tr. 2013102418 3600 600 1209600 3600
1117osym.gov.tr. 3600 IN MX 10 postamx.osym.gov.tr.
1118osym.gov.tr. 3600 IN TXT "v=spf1 a mx a:postamx.osym.gov.tr a:osymsmtp.osym.gov.tr a:smtpapp.osym.gov.tr -all"
1119osym.gov.tr. 3600 IN TXT "e9TIbVJTM6ULHH8HWY+2851pUjU77rB0y1HdbCmpdEM="
1120osym.gov.tr. 3600 IN TXT "IxRF+DwPI4foe+Jk7sb1U6WNCJ0SHxzI3FT5cKrabYc="
1121osym.gov.tr. 3600 IN TXT "v=DMARC1; p=quarantine; sp=quarantine; rf=afrf; pct=100; ri=86400"
1122osym.gov.tr. 3600 IN TXT "1aJCOdSACpCMv2hWUZafWc863NVkxyW35Ma7fkTv3Cs="
1123osym.gov.tr. 3600 IN RP murat.dorterler\@osym.gov.tr. .
1124;; Received 593 bytes from 213.14.221.102#53(ns2.osym.gov.tr) in 430 ms
1125#####################################################################################################################################
1126[*] Performing General Enumeration of Domain: osym.gov.tr
1127[-] DNSSEC is not configured for osym.gov.tr
1128[*] SOA ns1.osym.gov.tr 213.14.221.101
1129[*] NS ns2.osym.gov.tr 213.14.221.102
1130[*] NS ns5.osym.gov.tr 212.175.138.222
1131[*] NS ns4.osym.gov.tr 212.175.138.221
1132[*] NS ns1.osym.gov.tr 213.14.221.101
1133[-] Recursion enabled on NS Server 213.14.221.101
1134[*] MX postamx.osym.gov.tr 213.14.221.133
1135[*] A osym.gov.tr 213.14.221.20
1136[*] TXT osym.gov.tr IxRF+DwPI4foe+Jk7sb1U6WNCJ0SHxzI3FT5cKrabYc=
1137[*] TXT osym.gov.tr v=DMARC1; p=quarantine; sp=quarantine; rf=afrf; pct=100; ri=86400
1138[*] TXT osym.gov.tr e9TIbVJTM6ULHH8HWY+2851pUjU77rB0y1HdbCmpdEM=
1139[*] TXT osym.gov.tr 1aJCOdSACpCMv2hWUZafWc863NVkxyW35Ma7fkTv3Cs=
1140[*] TXT osym.gov.tr v=spf1 a mx a:postamx.osym.gov.tr a:osymsmtp.osym.gov.tr a:smtpapp.osym.gov.tr -all
1141[*] Enumerating SRV Records
1142[*] SRV _sip._tls.osym.gov.tr sip.osym.gov.tr no_ip 443 0
1143[*] SRV _sipfederationtls._tcp.osym.gov.tr sip.osym.gov.tr no_ip 5061 0
1144[+] 2 Records Found
1145######################################################################################################################################
1146[*] Processing domain osym.gov.tr
1147[*] Using system resolvers ['185.93.180.131', '194.187.251.67', '38.132.106.139', '192.168.0.1', '2001:18c0:121:6900:724f:b8ff:fefd:5b6a', '2001:18c0:ffe0:2::2', '2001:18c0:ffe0:3::2', '2001:18c0:ffe0:1::2']
1148[+] Getting nameservers
1149213.14.221.102 - ns2.osym.gov.tr
1150212.175.138.222 - ns5.osym.gov.tr
1151212.175.138.221 - ns4.osym.gov.tr
1152213.14.221.101 - ns1.osym.gov.tr
1153[-] Zone transfer failed
1154
1155[+] TXT records found
1156"IxRF+DwPI4foe+Jk7sb1U6WNCJ0SHxzI3FT5cKrabYc="
1157"v=DMARC1; p=quarantine; sp=quarantine; rf=afrf; pct=100; ri=86400"
1158"e9TIbVJTM6ULHH8HWY+2851pUjU77rB0y1HdbCmpdEM="
1159"1aJCOdSACpCMv2hWUZafWc863NVkxyW35Ma7fkTv3Cs="
1160"v=spf1 a mx a:postamx.osym.gov.tr a:osymsmtp.osym.gov.tr a:smtpapp.osym.gov.tr -all"
1161
1162[+] MX records found, added to target list
116310 postamx.osym.gov.tr.
1164
1165[*] Scanning osym.gov.tr for A records
1166213.14.221.20 - osym.gov.tr
1167213.14.221.133 - postamx.osym.gov.tr
1168213.14.221.134 - autodiscover.osym.gov.tr
1169213.14.221.8 - gis.osym.gov.tr
1170213.14.221.138 - mobil.osym.gov.tr
1171213.14.221.101 - ns1.osym.gov.tr
1172213.14.221.102 - ns2.osym.gov.tr
1173212.175.138.221 - ns4.osym.gov.tr
1174212.175.138.222 - ns5.osym.gov.tr
1175213.14.221.135 - vps.osym.gov.tr
1176213.14.221.20 - www.osym.gov.tr
1177######################################################################################################################################
1178 AVAILABLE PLUGINS
1179 -----------------
1180
1181 OpenSslCcsInjectionPlugin
1182 SessionResumptionPlugin
1183 HttpHeadersPlugin
1184 EarlyDataPlugin
1185 CompressionPlugin
1186 OpenSslCipherSuitesPlugin
1187 RobotPlugin
1188 HeartbleedPlugin
1189 CertificateInfoPlugin
1190 SessionRenegotiationPlugin
1191 FallbackScsvPlugin
1192
1193
1194
1195 CHECKING HOST(S) AVAILABILITY
1196 -----------------------------
1197
1198 213.14.221.20:443 => 213.14.221.20
1199
1200
1201
1202
1203 SCAN RESULTS FOR 213.14.221.20:443 - 213.14.221.20
1204 --------------------------------------------------
1205
1206 * TLS 1.2 Session Resumption Support:
1207 With Session IDs: OK - Supported (5 successful, 0 failed, 0 errors, 5 total attempts).
1208 With TLS Tickets: NOT SUPPORTED - TLS ticket not assigned.
1209
1210 * Session Renegotiation:
1211 Client-initiated Renegotiation: OK - Rejected
1212 Secure Renegotiation: VULNERABLE - Secure renegotiation not supported
1213
1214 * Downgrade Attacks:
1215 TLS_FALLBACK_SCSV: OK - Supported
1216
1217 * SSLV2 Cipher Suites:
1218 Server rejected all cipher suites.
1219
1220 * OpenSSL CCS Injection:
1221 OK - Not vulnerable to OpenSSL CCS injection
1222
1223 * TLSV1_3 Cipher Suites:
1224 Server rejected all cipher suites.
1225
1226 * Certificate Information:
1227 Content
1228 SHA1 Fingerprint: 99d7aa9e17925e74e670d2f436b5fac2bb5d8595
1229 Common Name: www.osym.gov.tr
1230 Issuer: GlobalSign Extended Validation CA - SHA256 - G3
1231 Serial Number: 12034023797640855423959704994
1232 Not Before: 2018-07-13 15:46:20
1233 Not After: 2020-07-13 15:46:20
1234 Signature Algorithm: sha256
1235 Public Key Algorithm: RSA
1236 Key Size: 2048
1237 Exponent: 65537 (0x10001)
1238 DNS Subject Alternative Names: ['www.osym.gov.tr', 'gis.osym.gov.tr', 'sonuc.osym.gov.tr', 'odeme.osym.gov.tr', 'ais.osym.gov.tr', 'owa.osym.gov.tr', 'mail.osym.gov.tr', 'autodiscover.osym.gov.tr', 'osym.gov.tr']
1239
1240 Trust
1241 Hostname Validation: FAILED - Certificate does NOT match 213.14.221.20
1242 Android CA Store (9.0.0_r9): OK - Certificate is trusted
1243 Apple CA Store (iOS 12, macOS 10.14, watchOS 5, and tvOS 12):OK - Certificate is trusted
1244 Java CA Store (jdk-12.0.1): OK - Certificate is trusted
1245 Mozilla CA Store (2019-03-14): OK - Certificate is trusted, Extended Validation
1246 Windows CA Store (2019-05-27): OK - Certificate is trusted
1247 Symantec 2018 Deprecation: WARNING: Certificate distrusted by Google and Mozilla on September 2018
1248 Received Chain: www.osym.gov.tr --> GlobalSign Extended Validation CA - SHA256 - G3
1249 Verified Chain: www.osym.gov.tr --> GlobalSign Extended Validation CA - SHA256 - G3 --> GlobalSign
1250 Received Chain Contains Anchor: OK - Anchor certificate not sent
1251 Received Chain Order: OK - Order is valid
1252 Verified Chain contains SHA1: OK - No SHA1-signed certificate in the verified certificate chain
1253
1254 Extensions
1255 OCSP Must-Staple: NOT SUPPORTED - Extension not found
1256 Certificate Transparency: OK - 3 SCTs included
1257
1258 OCSP Stapling
1259 NOT SUPPORTED - Server did not send back an OCSP response
1260
1261 * SSLV3 Cipher Suites:
1262 Server rejected all cipher suites.
1263
1264 * Deflate Compression:
1265 OK - Compression disabled
1266
1267 * TLSV1_1 Cipher Suites:
1268 Forward Secrecy OK - Supported
1269 RC4 OK - Not Supported
1270
1271 Preferred:
1272 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1273 Accepted:
1274 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1275 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1276 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1277 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1278 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1279 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1280
1281 * OpenSSL Heartbleed:
1282 OK - Not vulnerable to Heartbleed
1283
1284 * TLSV1_2 Cipher Suites:
1285 Forward Secrecy OK - Supported
1286 RC4 OK - Not Supported
1287
1288 Preferred:
1289 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1290 Accepted:
1291 TLS_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
1292 TLS_RSA_WITH_AES_256_CBC_SHA256 256 bits HTTP 200 OK
1293 TLS_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1294 TLS_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
1295 TLS_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
1296 TLS_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1297 TLS_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1298 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 256 bits HTTP 200 OK
1299 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 256 bits HTTP 200 OK
1300 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 256 bits HTTP 200 OK
1301 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 128 bits HTTP 200 OK
1302 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 128 bits HTTP 200 OK
1303 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 128 bits HTTP 200 OK
1304 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 112 bits HTTP 200 OK
1305
1306 * ROBOT Attack:
1307 OK - Not vulnerable
1308
1309 * TLSV1 Cipher Suites:
1310 Server rejected all cipher suites.
1311
1312
1313 SCAN COMPLETED IN 33.95 S
1314 -------------------------
1315######################################################################################################################################
1316
1317Domains still to check: 1
1318 Checking if the hostname osym.gov.tr. given is in fact a domain...
1319
1320Analyzing domain: osym.gov.tr.
1321 Checking NameServers using system default resolver...
1322 IP: 213.14.221.102 (Turkey)
1323 HostName: ns2.osym.gov.tr Type: NS
1324 HostName: ns2.osym.gov.tr Type: PTR
1325 IP: 212.175.138.222 (Turkey)
1326 HostName: ns5.osym.gov.tr Type: NS
1327 IP: 212.175.138.221 (Turkey)
1328 HostName: ns4.osym.gov.tr Type: NS
1329 IP: 213.14.221.101 (Turkey)
1330 HostName: ns1.osym.gov.tr Type: NS
1331 HostName: ns1.osym.gov.tr Type: PTR
1332
1333 Checking MailServers using system default resolver...
1334 IP: 213.14.221.133 (Turkey)
1335 HostName: postamx.osym.gov.tr Type: MX
1336 HostName: postamx.osym.gov.tr Type: PTR
1337
1338 Checking the zone transfer for each NS... (if this takes more than 10 seconds, just hit CTRL-C and it will continue. Bug in the libs)
1339 No zone transfer found on nameserver 213.14.221.101
1340 No zone transfer found on nameserver 213.14.221.102
1341 No zone transfer found on nameserver 212.175.138.222
1342 No zone transfer found on nameserver 212.175.138.221
1343
1344 Checking SPF record...
1345 New hostname found: postamx
1346 New hostname found: osymsmtp
1347 New hostname found: smtpapp
1348
1349 Checking 195 most common hostnames using system default resolver...
1350 IP: 213.14.221.20 (Turkey)
1351 HostName: www.osym.gov.tr. Type: A
1352 IP: 213.14.221.101 (Turkey)
1353 HostName: ns1.osym.gov.tr Type: NS
1354 HostName: ns1.osym.gov.tr Type: PTR
1355 HostName: ns1.osym.gov.tr. Type: A
1356 IP: 213.14.221.102 (Turkey)
1357 HostName: ns2.osym.gov.tr Type: NS
1358 HostName: ns2.osym.gov.tr Type: PTR
1359 HostName: ns2.osym.gov.tr. Type: A
1360 IP: 213.14.221.133 (Turkey)
1361 HostName: postamx.osym.gov.tr Type: MX
1362 HostName: postamx.osym.gov.tr Type: PTR
1363 HostName: postamx.osym.gov.tr. Type: A
1364 IP: 213.14.221.251 (Turkey)
1365 HostName: smtpapp.osym.gov.tr. Type: A
1366
1367 Checking with nmap the reverse DNS hostnames of every <ip>/24 netblock using system default resolver...
1368 Checking netblock 212.175.138.0
1369 Checking netblock 213.14.221.0
1370
1371 Searching for osym.gov.tr. emails in Google
1372 osym@osym.gov.tr:
1373
1374 Checking 7 active hosts using nmap... (nmap -sn -n -v -PP -PM -PS80,25 -PA -PY -PU53,40125 -PE --reason <ip> -oA <output_directory>/nmap/<ip>.sn)
1375 Host 212.175.138.222 is up (reset ttl 64)
1376 Host 212.175.138.221 is up (reset ttl 64)
1377 Host 213.14.221.133 is up (reset ttl 64)
1378 Host 213.14.221.101 is up (reset ttl 64)
1379 Host 213.14.221.102 is up (reset ttl 64)
1380 Host 213.14.221.251 is up (reset ttl 64)
1381 Host 213.14.221.20 is up (reset ttl 64)
1382
1383 Checking ports on every active host using nmap... (nmap -O --reason --webxml --traceroute -sS -sV -sC -Pn -n -v -F <ip> -oA <output_directory>/nmap/<ip>)
1384 Scanning ip 212.175.138.222 (ns5.osym.gov.tr):
1385 Scanning ip 212.175.138.221 (ns4.osym.gov.tr):
1386 Scanning ip 213.14.221.133 (postamx.osym.gov.tr.):
1387 Scanning ip 213.14.221.101 (ns1.osym.gov.tr.):
1388 53/tcp open domain? syn-ack ttl 108
1389 Scanning ip 213.14.221.102 (ns2.osym.gov.tr.):
1390 53/tcp open domain? syn-ack ttl 107
1391 Scanning ip 213.14.221.251 (smtpapp.osym.gov.tr.):
1392 Scanning ip 213.14.221.20 (www.osym.gov.tr.):
1393 80/tcp open http syn-ack ttl 234 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1394 |_http-favicon: Unknown favicon MD5: 81B5BA54EA89D8C0CD27578BC91E75B6
1395 | http-methods:
1396 |_ Supported Methods: GET HEAD POST OPTIONS
1397 |_http-title: \xC3\x96SYM \xE2\x80\xA2 T.C. \xC3\x96L\xC3\x87ME, SE\xC3\x87ME VE YERLE\xC5\x9ET\xC4\xB0RME MERKEZ\xC4\xB0
1398 443/tcp open ssl/http syn-ack ttl 234 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1399 |_http-favicon: Unknown favicon MD5: AFB6EFDAA465C41EDFB7090FA54176DB
1400 | http-methods:
1401 |_ Supported Methods: HEAD POST OPTIONS
1402 |_http-title: \xC3\x96SYM \xE2\x80\xA2 T.C. \xC3\x96L\xC3\x87ME, SE\xC3\x87ME VE YERLE\xC5\x9ET\xC4\xB0RME MERKEZ\xC4\xB0
1403 | ssl-cert: Subject: commonName=www.osym.gov.tr/organizationName=Olcme, Secme ve Yerlestirme Merkezi Baskanligi/stateOrProvinceName=Ankara/countryName=TR
1404 | Subject Alternative Name: DNS:www.osym.gov.tr, DNS:gis.osym.gov.tr, DNS:sonuc.osym.gov.tr, DNS:odeme.osym.gov.tr, DNS:ais.osym.gov.tr, DNS:owa.osym.gov.tr, DNS:mail.osym.gov.tr, DNS:autodiscover.osym.gov.tr, DNS:osym.gov.tr
1405 | Issuer: commonName=GlobalSign Extended Validation CA - SHA256 - G3/organizationName=GlobalSign nv-sa/countryName=BE
1406 | Public Key type: rsa
1407 | Public Key bits: 2048
1408 | Signature Algorithm: sha256WithRSAEncryption
1409 | Not valid before: 2018-07-13T15:46:20
1410 | Not valid after: 2020-07-13T15:46:20
1411 | MD5: c8b4 1541 254f 62fd c8c1 cd79 77d7 f3c3
1412 |_SHA-1: 99d7 aa9e 1792 5e74 e670 d2f4 36b5 fac2 bb5d 8595
1413 |_ssl-date: 2019-11-11T06:33:13+00:00; -1s from scanner time.
1414 | tls-alpn:
1415 |_ http/1.1
1416 Device type: general purpose|load balancer
1417 OS Info: Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1418 |_clock-skew: -1s
1419 WebCrawling domain's web servers... up to 50 max links.
1420
1421 + URL to crawl: http://www.osym.gov.tr.
1422 + Date: 2019-11-11
1423
1424 + Crawling URL: http://www.osym.gov.tr.:
1425 + Links:
1426 + Crawling http://www.osym.gov.tr. (400 Bad Request)
1427 + Searching for directories...
1428 + Searching open folders...
1429
1430
1431 + URL to crawl: https://www.osym.gov.tr.
1432 + Date: 2019-11-11
1433
1434 + Crawling URL: https://www.osym.gov.tr.:
1435 + Links:
1436 + Crawling https://www.osym.gov.tr.
1437 + Searching for directories...
1438 + Searching open folders...
1439
1440--Finished--
1441Summary information for domain osym.gov.tr.
1442-----------------------------------------
1443 Domain Specific Information:
1444 Email: osym@osym.gov.tr:
1445
1446 Domain Ips Information:
1447 IP: 212.175.138.222
1448 HostName: ns5.osym.gov.tr Type: NS
1449 Country: Turkey
1450 Is Active: True (reset ttl 64)
1451 IP: 212.175.138.221
1452 HostName: ns4.osym.gov.tr Type: NS
1453 Country: Turkey
1454 Is Active: True (reset ttl 64)
1455 IP: 213.14.221.133
1456 HostName: postamx.osym.gov.tr Type: MX
1457 HostName: postamx.osym.gov.tr Type: PTR
1458 HostName: postamx.osym.gov.tr. Type: A
1459 Country: Turkey
1460 Is Active: True (reset ttl 64)
1461 IP: 213.14.221.101
1462 HostName: ns1.osym.gov.tr Type: NS
1463 HostName: ns1.osym.gov.tr Type: PTR
1464 HostName: ns1.osym.gov.tr. Type: A
1465 Country: Turkey
1466 Is Active: True (reset ttl 64)
1467 Port: 53/tcp open domain? syn-ack ttl 108
1468 IP: 213.14.221.102
1469 HostName: ns2.osym.gov.tr Type: NS
1470 HostName: ns2.osym.gov.tr Type: PTR
1471 HostName: ns2.osym.gov.tr. Type: A
1472 Country: Turkey
1473 Is Active: True (reset ttl 64)
1474 Port: 53/tcp open domain? syn-ack ttl 107
1475 IP: 213.14.221.251
1476 HostName: smtpapp.osym.gov.tr. Type: A
1477 Country: Turkey
1478 Is Active: True (reset ttl 64)
1479 IP: 213.14.221.20
1480 HostName: www.osym.gov.tr. Type: A
1481 Country: Turkey
1482 Is Active: True (reset ttl 64)
1483 Port: 80/tcp open http syn-ack ttl 234 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1484 Script Info: |_http-favicon: Unknown favicon MD5: 81B5BA54EA89D8C0CD27578BC91E75B6
1485 Script Info: | http-methods:
1486 Script Info: |_ Supported Methods: GET HEAD POST OPTIONS
1487 Script Info: |_http-title: \xC3\x96SYM \xE2\x80\xA2 T.C. \xC3\x96L\xC3\x87ME, SE\xC3\x87ME VE YERLE\xC5\x9ET\xC4\xB0RME MERKEZ\xC4\xB0
1488 Port: 443/tcp open ssl/http syn-ack ttl 234 Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
1489 Script Info: |_http-favicon: Unknown favicon MD5: AFB6EFDAA465C41EDFB7090FA54176DB
1490 Script Info: | http-methods:
1491 Script Info: |_ Supported Methods: HEAD POST OPTIONS
1492 Script Info: |_http-title: \xC3\x96SYM \xE2\x80\xA2 T.C. \xC3\x96L\xC3\x87ME, SE\xC3\x87ME VE YERLE\xC5\x9ET\xC4\xB0RME MERKEZ\xC4\xB0
1493 Script Info: | ssl-cert: Subject: commonName=www.osym.gov.tr/organizationName=Olcme, Secme ve Yerlestirme Merkezi Baskanligi/stateOrProvinceName=Ankara/countryName=TR
1494 Script Info: | Subject Alternative Name: DNS:www.osym.gov.tr, DNS:gis.osym.gov.tr, DNS:sonuc.osym.gov.tr, DNS:odeme.osym.gov.tr, DNS:ais.osym.gov.tr, DNS:owa.osym.gov.tr, DNS:mail.osym.gov.tr, DNS:autodiscover.osym.gov.tr, DNS:osym.gov.tr
1495 Script Info: | Issuer: commonName=GlobalSign Extended Validation CA - SHA256 - G3/organizationName=GlobalSign nv-sa/countryName=BE
1496 Script Info: | Public Key type: rsa
1497 Script Info: | Public Key bits: 2048
1498 Script Info: | Signature Algorithm: sha256WithRSAEncryption
1499 Script Info: | Not valid before: 2018-07-13T15:46:20
1500 Script Info: | Not valid after: 2020-07-13T15:46:20
1501 Script Info: | MD5: c8b4 1541 254f 62fd c8c1 cd79 77d7 f3c3
1502 Script Info: |_SHA-1: 99d7 aa9e 1792 5e74 e670 d2f4 36b5 fac2 bb5d 8595
1503 Script Info: |_ssl-date: 2019-11-11T06:33:13+00:00; -1s from scanner time.
1504 Script Info: | tls-alpn:
1505 Script Info: |_ http/1.1
1506 Script Info: Device type: general purpose|load balancer
1507 Os Info: OS: Windows; CPE: cpe:/o:microsoft:windows
1508 Script Info: |_clock-skew: -1s
1509
1510--------------End Summary --------------
1511-----------------------------------------
1512#####################################################################################################################################
1513----- osym.gov.tr -----
1514
1515
1516Host's addresses:
1517__________________
1518
1519osym.gov.tr. 2615 IN A 213.14.221.20
1520
1521
1522Name Servers:
1523______________
1524
1525ns2.osym.gov.tr. 42211 IN A 213.14.221.102
1526ns5.osym.gov.tr. 42205 IN A 212.175.138.222
1527ns4.osym.gov.tr. 42211 IN A 212.175.138.221
1528ns1.osym.gov.tr. 3094 IN A 213.14.221.101
1529
1530
1531Mail (MX) Servers:
1532___________________
1533
1534postamx.osym.gov.tr. 3462 IN A 213.14.221.133
1535
1536
1537Trying Zone Transfers and getting Bind Versions:
1538_________________________________________________
1539
1540
1541
1542Trying Zone Transfer for osym.gov.tr on ns4.osym.gov.tr ...
1543Trying Zone Transfer for osym.gov.tr on ns5.osym.gov.tr ...
1544
1545
1546Scraping osym.gov.tr subdomains from Google:
1547_____________________________________________
1548
1549
1550 ---- Google search page: 1 ----
1551
1552 esinav
1553
1554 ---- Google search page: 2 ----
1555
1556 dokuman
1557
1558 ---- Google search page: 3 ----
1559
1560 dokuman
1561
1562 ---- Google search page: 4 ----
1563
1564 dokuman
1565 dokuman
1566 dokuman
1567 dokuman
1568 dokuman
1569
1570 ---- Google search page: 5 ----
1571
1572 dokuman
1573 dokuman
1574
1575
1576Google Results:
1577________________
1578
1579dokuman.osym.gov.tr. 2595 IN A 213.14.221.140
1580esinav.osym.gov.tr. 3600 IN A 213.14.221.145
1581#####################################################################################################################################
1582traceroute to www.osym.gov.tr (213.14.221.20), 30 hops max, 60 byte packets
1583 1 10.249.204.1 (10.249.204.1) 215.273 ms 215.262 ms 215.239 ms
1584 2 213.184.122.97 (213.184.122.97) 215.286 ms 215.261 ms 215.242 ms
1585 3 bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9) 215.102 ms 215.116 ms 215.041 ms
1586 4 bzq-219-189-185.dsl.bezeqint.net (62.219.189.185) 321.122 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185) 214.981 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185) 321.091 ms
1587 5 bzq-179-124-153.cust.bezeqint.net (212.179.124.153) 321.068 ms bzq-219-189-14.cablep.bezeqint.net (62.219.189.14) 321.077 ms bzq-219-189-230.cablep.bezeqint.net (62.219.189.230) 440.757 ms
1588 6 bzq-219-189-14.cablep.bezeqint.net (62.219.189.14) 440.750 ms bzq-219-189-17.dsl.bezeqint.net (62.219.189.17) 218.055 ms bzq-219-189-126.dsl.bezeqint.net (62.219.189.126) 218.007 ms
1589 7 et-0-0-71.cr2-fra2.ip4.gtt.net (141.136.110.50) 271.335 ms 271.334 ms 271.290 ms
1590 8 et-0-0-71.cr2-fra2.ip4.gtt.net (141.136.110.50) 271.284 ms et-0-0-67.cr2-fra2.ip4.gtt.net (141.136.110.54) 271.181 ms ix-ae-22-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.137) 271.237 ms
1591 9 if-ae-0-2.tcore1.it5-istanbul.as6453.net (195.219.50.10) 379.166 ms ix-ae-22-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.137) 379.191 ms 274.575 ms
159210 ix-ae-22-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.137) 274.516 ms if-ae-0-2.tcore1.it5-istanbul.as6453.net (195.219.50.10) 319.833 ms ix-ae-22-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.137) 274.448 ms
159311 5.23.0.42 (5.23.0.42) 274.514 ms 319.668 ms 314.670 ms
1594######################################################################################################################################
1595traceroute to www.osym.gov.tr (213.14.221.20), 30 hops max, 60 byte packets
1596 1 10.249.204.1 (10.249.204.1) 207.846 ms 207.824 ms 207.817 ms
1597 2 213.184.122.97 (213.184.122.97) 207.875 ms 207.864 ms 207.856 ms
1598 3 bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9) 207.746 ms 207.740 ms 207.759 ms
1599 4 bzq-179-124-185.cust.bezeqint.net (212.179.124.185) 207.711 ms 207.704 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185) 272.497 ms
1600 5 bzq-219-189-14.cablep.bezeqint.net (62.219.189.14) 272.533 ms bzq-114-65-1.cust.bezeqint.net (192.114.65.1) 272.495 ms bzq-179-124-190.cust.bezeqint.net (212.179.124.190) 272.460 ms
1601 6 bzq-179-124-190.cust.bezeqint.net (212.179.124.190) 272.479 ms bzq-179-124-34.cust.bezeqint.net (212.179.124.34) 283.305 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237) 283.276 ms
1602 7 ae8.cr1-fra2.ip4.gtt.net (46.33.89.237) 283.247 ms bzq-161-218.pop.bezeqint.net (212.179.161.218) 283.169 ms et-0-0-71.cr2-fra2.ip4.gtt.net (141.136.110.50) 283.209 ms
1603 8 ae8.cr1-fra2.ip4.gtt.net (46.33.89.237) 283.143 ms 283.043 ms ix-ae-22-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.137) 283.147 ms
1604 9 et-0-0-71.cr2-fra2.ip4.gtt.net (141.136.110.50) 283.093 ms if-ae-0-2.tcore1.it5-istanbul.as6453.net (195.219.50.10) 440.025 ms et-0-0-71.cr2-fra2.ip4.gtt.net (141.136.110.50) 439.927 ms
160510 5.23.0.42 (5.23.0.42) 444.614 ms if-ae-0-2.tcore1.it5-istanbul.as6453.net (195.219.50.10) 444.585 ms ix-ae-22-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.137) 444.459 ms
160611 * if-ae-0-2.tcore1.it5-istanbul.as6453.net (195.219.50.10) 444.455 ms *
160712 5.23.0.42 (5.23.0.42) 277.908 ms * *
160813 * * *
160914 ösym.gov.tr (213.14.221.20) <syn,ack> 277.766 ms 277.759 ms 283.729 ms
1610######################################################################################################################################
1611Privileges have been dropped to "nobody:nogroup" for security reasons.
1612
1902Processed queries: 1919
1903Received packets: 4820
1904Progress: 100.00% (00 h 00 min 17 sec / 00 h 00 min 17 sec)
1905Current incoming rate: 1 pps, average: 282 pps
1906Current success rate: 0 pps, average: 112 pps
1907Finished total: 1918, success: 1918 (100.00%)
1908Mismatched domains: 1828 (38.20%), IDs: 0 (0.00%)
1909Failures: 0: 3.23%, 1: 23.25%, 2: 21.85%, 3: 15.33%, 4: 12.98%, 5: 10.22%, 6: 5.47%, 7: 3.75%, 8: 1.62%, 9: 1.15%, 10: 0.47%, 11: 0.31%, 12: 0.10%, 13: 0.05%, 14: 0.05%, 15: 0.05%, 16: 0.05%, 17: 0.00%, 18: 0.05%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.05%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1910Response: | Success: | Total:
1911OK: | 258 ( 13.45%) | 293 ( 6.12%)
1912NXDOMAIN: | 1585 ( 82.64%) | 3051 ( 63.76%)
1913SERVFAIL: | 75 ( 3.91%) | 228 ( 4.76%)
1914REFUSED: | 0 ( 0.00%) | 1213 ( 25.35%)
1915FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1916
1917
1918
1919Processed queries: 1919
1920Received packets: 4822
1921Progress: 100.00% (00 h 00 min 18 sec / 00 h 00 min 18 sec)
1922Current incoming rate: 1 pps, average: 267 pps
1923Current success rate: 0 pps, average: 106 pps
1924Finished total: 1918, success: 1918 (100.00%)
1925Mismatched domains: 1830 (38.23%), IDs: 0 (0.00%)
1926Failures: 0: 3.23%, 1: 23.25%, 2: 21.85%, 3: 15.33%, 4: 12.98%, 5: 10.22%, 6: 5.47%, 7: 3.75%, 8: 1.62%, 9: 1.15%, 10: 0.47%, 11: 0.31%, 12: 0.10%, 13: 0.05%, 14: 0.05%, 15: 0.05%, 16: 0.05%, 17: 0.00%, 18: 0.05%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.05%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1927Response: | Success: | Total:
1928OK: | 258 ( 13.45%) | 293 ( 6.12%)
1929NXDOMAIN: | 1585 ( 82.64%) | 3051 ( 63.74%)
1930SERVFAIL: | 75 ( 3.91%) | 229 ( 4.78%)
1931REFUSED: | 0 ( 0.00%) | 1214 ( 25.36%)
1932FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1933
1934
1935
1936Processed queries: 1919
1937Received packets: 4824
1938Progress: 100.00% (00 h 00 min 19 sec / 00 h 00 min 19 sec)
1939Current incoming rate: 1 pps, average: 253 pps
1940Current success rate: 0 pps, average: 100 pps
1941Finished total: 1918, success: 1918 (100.00%)
1942Mismatched domains: 1832 (38.25%), IDs: 0 (0.00%)
1943Failures: 0: 3.23%, 1: 23.25%, 2: 21.85%, 3: 15.33%, 4: 12.98%, 5: 10.22%, 6: 5.47%, 7: 3.75%, 8: 1.62%, 9: 1.15%, 10: 0.47%, 11: 0.31%, 12: 0.10%, 13: 0.05%, 14: 0.05%, 15: 0.05%, 16: 0.05%, 17: 0.00%, 18: 0.05%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.05%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1944Response: | Success: | Total:
1945OK: | 258 ( 13.45%) | 293 ( 6.12%)
1946NXDOMAIN: | 1585 ( 82.64%) | 3051 ( 63.71%)
1947SERVFAIL: | 75 ( 3.91%) | 229 ( 4.78%)
1948REFUSED: | 0 ( 0.00%) | 1216 ( 25.39%)
1949FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1950
1951
1952
1953Processed queries: 1919
1954Received packets: 4825
1955Progress: 100.00% (00 h 00 min 20 sec / 00 h 00 min 20 sec)
1956Current incoming rate: 0 pps, average: 240 pps
1957Current success rate: 0 pps, average: 95 pps
1958Finished total: 1918, success: 1918 (100.00%)
1959Mismatched domains: 1833 (38.27%), IDs: 0 (0.00%)
1960Failures: 0: 3.23%, 1: 23.25%, 2: 21.85%, 3: 15.33%, 4: 12.98%, 5: 10.22%, 6: 5.47%, 7: 3.75%, 8: 1.62%, 9: 1.15%, 10: 0.47%, 11: 0.31%, 12: 0.10%, 13: 0.05%, 14: 0.05%, 15: 0.05%, 16: 0.05%, 17: 0.00%, 18: 0.05%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.05%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1961Response: | Success: | Total:
1962OK: | 258 ( 13.45%) | 293 ( 6.12%)
1963NXDOMAIN: | 1585 ( 82.64%) | 3051 ( 63.70%)
1964SERVFAIL: | 75 ( 3.91%) | 230 ( 4.80%)
1965REFUSED: | 0 ( 0.00%) | 1216 ( 25.39%)
1966FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1967
1968
1969
1970Processed queries: 1919
1971Received packets: 4830
1972Progress: 100.00% (00 h 00 min 21 sec / 00 h 00 min 21 sec)
1973Current incoming rate: 4 pps, average: 229 pps
1974Current success rate: 0 pps, average: 91 pps
1975Finished total: 1918, success: 1918 (100.00%)
1976Mismatched domains: 1838 (38.33%), IDs: 0 (0.00%)
1977Failures: 0: 3.23%, 1: 23.25%, 2: 21.85%, 3: 15.33%, 4: 12.98%, 5: 10.22%, 6: 5.47%, 7: 3.75%, 8: 1.62%, 9: 1.15%, 10: 0.47%, 11: 0.31%, 12: 0.10%, 13: 0.05%, 14: 0.05%, 15: 0.05%, 16: 0.05%, 17: 0.00%, 18: 0.05%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.05%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1978Response: | Success: | Total:
1979OK: | 258 ( 13.45%) | 293 ( 6.11%)
1980NXDOMAIN: | 1585 ( 82.64%) | 3052 ( 63.65%)
1981SERVFAIL: | 75 ( 3.91%) | 233 ( 4.86%)
1982REFUSED: | 0 ( 0.00%) | 1217 ( 25.38%)
1983FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
1984
1985
1986
1987Processed queries: 1919
1988Received packets: 4833
1989Progress: 100.00% (00 h 00 min 22 sec / 00 h 00 min 22 sec)
1990Current incoming rate: 2 pps, average: 219 pps
1991Current success rate: 0 pps, average: 87 pps
1992Finished total: 1918, success: 1918 (100.00%)
1993Mismatched domains: 1841 (38.37%), IDs: 0 (0.00%)
1994Failures: 0: 3.23%, 1: 23.25%, 2: 21.85%, 3: 15.33%, 4: 12.98%, 5: 10.22%, 6: 5.47%, 7: 3.75%, 8: 1.62%, 9: 1.15%, 10: 0.47%, 11: 0.31%, 12: 0.10%, 13: 0.05%, 14: 0.05%, 15: 0.05%, 16: 0.05%, 17: 0.00%, 18: 0.05%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.05%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
1995Response: | Success: | Total:
1996OK: | 258 ( 13.45%) | 293 ( 6.11%)
1997NXDOMAIN: | 1585 ( 82.64%) | 3052 ( 63.61%)
1998SERVFAIL: | 75 ( 3.91%) | 235 ( 4.90%)
1999REFUSED: | 0 ( 0.00%) | 1218 ( 25.39%)
2000FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2001
2002
2003
2004Processed queries: 1919
2005Received packets: 4835
2006Progress: 100.00% (00 h 00 min 23 sec / 00 h 00 min 23 sec)
2007Current incoming rate: 1 pps, average: 209 pps
2008Current success rate: 0 pps, average: 83 pps
2009Finished total: 1918, success: 1918 (100.00%)
2010Mismatched domains: 1843 (38.40%), IDs: 0 (0.00%)
2011Failures: 0: 3.23%, 1: 23.25%, 2: 21.85%, 3: 15.33%, 4: 12.98%, 5: 10.22%, 6: 5.47%, 7: 3.75%, 8: 1.62%, 9: 1.15%, 10: 0.47%, 11: 0.31%, 12: 0.10%, 13: 0.05%, 14: 0.05%, 15: 0.05%, 16: 0.05%, 17: 0.00%, 18: 0.05%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.05%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
2012Response: | Success: | Total:
2013OK: | 258 ( 13.45%) | 293 ( 6.10%)
2014NXDOMAIN: | 1585 ( 82.64%) | 3053 ( 63.60%)
2015SERVFAIL: | 75 ( 3.91%) | 236 ( 4.92%)
2016REFUSED: | 0 ( 0.00%) | 1218 ( 25.38%)
2017FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2018
2019
2020
2021Processed queries: 1919
2022Received packets: 4836
2023Progress: 100.00% (00 h 00 min 24 sec / 00 h 00 min 24 sec)
2024Current incoming rate: 0 pps, average: 201 pps
2025Current success rate: 0 pps, average: 79 pps
2026Finished total: 1918, success: 1918 (100.00%)
2027Mismatched domains: 1844 (38.41%), IDs: 0 (0.00%)
2028Failures: 0: 3.23%, 1: 23.25%, 2: 21.85%, 3: 15.33%, 4: 12.98%, 5: 10.22%, 6: 5.47%, 7: 3.75%, 8: 1.62%, 9: 1.15%, 10: 0.47%, 11: 0.31%, 12: 0.10%, 13: 0.05%, 14: 0.05%, 15: 0.05%, 16: 0.05%, 17: 0.00%, 18: 0.05%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.05%, 48: 0.00%, 49: 0.00%, 50: 0.00%,
2029Response: | Success: | Total:
2030OK: | 258 ( 13.45%) | 293 ( 6.10%)
2031NXDOMAIN: | 1585 ( 82.64%) | 3053 ( 63.59%)
2032SERVFAIL: | 75 ( 3.91%) | 236 ( 4.92%)
2033REFUSED: | 0 ( 0.00%) | 1219 ( 25.39%)
2034FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2035
2036
2037
2038Processed queries: 1919
2039Received packets: 4838
2040Progress: 100.00% (00 h 00 min 25 sec / 00 h 00 min 25 sec)
2041Current incoming rate: 1 pps, average: 193 pps
2042Current success rate: 0 pps, average: 76 pps
2043Finished total: 1918, success: 1918 (100.00%)
2044Mismatched domains: 1846 (38.43%), IDs: 0 (0.00%)
2045Failures: 0: 3.23%, 1: 23.25%, 2: 21.85%, 3: 15.33%, 4: 12.98%, 5: 10.22%, 6: 5.47%, 7: 3.75%, 8: 1.62%, 9: 1.15%, 10: 0.47%, 11: 0.31%, 12: 0.10%, 13: 0.05%, 14: 0.05%, 15: 0.05%, 16: 0.05%, 17: 0.00%, 18: 0.05%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.05%, 50: 0.00%,
2046Response: | Success: | Total:
2047OK: | 258 ( 13.45%) | 293 ( 6.10%)
2048NXDOMAIN: | 1585 ( 82.64%) | 3053 ( 63.56%)
2049SERVFAIL: | 75 ( 3.91%) | 236 ( 4.91%)
2050REFUSED: | 0 ( 0.00%) | 1220 ( 25.40%)
2051FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2052
2053
2054
2055Processed queries: 1919
2056Received packets: 4838
2057Progress: 100.00% (00 h 00 min 25 sec / 00 h 00 min 25 sec)
2058Current incoming rate: 0 pps, average: 192 pps
2059Current success rate: 0 pps, average: 76 pps
2060Finished total: 1919, success: 1918 (99.95%)
2061Mismatched domains: 1846 (38.43%), IDs: 0 (0.00%)
2062Failures: 0: 3.23%, 1: 23.24%, 2: 21.83%, 3: 15.32%, 4: 12.98%, 5: 10.21%, 6: 5.47%, 7: 3.75%, 8: 1.62%, 9: 1.15%, 10: 0.47%, 11: 0.31%, 12: 0.10%, 13: 0.05%, 14: 0.05%, 15: 0.05%, 16: 0.05%, 17: 0.00%, 18: 0.05%, 19: 0.00%, 20: 0.00%, 21: 0.00%, 22: 0.00%, 23: 0.00%, 24: 0.00%, 25: 0.00%, 26: 0.00%, 27: 0.00%, 28: 0.00%, 29: 0.00%, 30: 0.00%, 31: 0.00%, 32: 0.00%, 33: 0.00%, 34: 0.00%, 35: 0.00%, 36: 0.00%, 37: 0.00%, 38: 0.00%, 39: 0.00%, 40: 0.00%, 41: 0.00%, 42: 0.00%, 43: 0.00%, 44: 0.00%, 45: 0.00%, 46: 0.00%, 47: 0.00%, 48: 0.00%, 49: 0.00%, 50: 0.05%,
2063Response: | Success: | Total:
2064OK: | 258 ( 13.45%) | 293 ( 6.10%)
2065NXDOMAIN: | 1585 ( 82.64%) | 3053 ( 63.56%)
2066SERVFAIL: | 75 ( 3.91%) | 236 ( 4.91%)
2067REFUSED: | 0 ( 0.00%) | 1220 ( 25.40%)
2068FORMERR: | 0 ( 0.00%) | 0 ( 0.00%)
2069#####################################################################################################################################
2070[+] www.osym.gov.tr has no SPF record!
2071[*] No DMARC record found. Looking for organizational record
2072[+] No organizational DMARC record
2073[+] Spoofing possible for www.osym.gov.tr!
2074######################################################################################################################################
2075Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-11 01:18 EST
2076Nmap scan report for www.osym.gov.tr (213.14.221.20)
2077Host is up (0.39s latency).
2078rDNS record for 213.14.221.20: osym.gov.tr
2079Not shown: 993 filtered ports, 5 closed ports
2080Some closed ports may be reported as filtered due to --defeat-rst-ratelimit
2081PORT STATE SERVICE
208280/tcp open http
2083443/tcp open https
2084
2085Nmap done: 1 IP address (1 host up) scanned in 23.53 seconds
2086######################################################################################################################################
2087Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-11 01:19 EST
2088Nmap scan report for www.osym.gov.tr (213.14.221.20)
2089Host is up (0.34s latency).
2090rDNS record for 213.14.221.20: osym.gov.tr
2091Not shown: 2 filtered ports
2092PORT STATE SERVICE
209353/udp open|filtered domain
209467/udp open|filtered dhcps
209568/udp open|filtered dhcpc
209669/udp open|filtered tftp
209788/udp open|filtered kerberos-sec
2098123/udp open|filtered ntp
2099139/udp open|filtered netbios-ssn
2100161/udp open|filtered snmp
2101162/udp open|filtered snmptrap
2102389/udp open|filtered ldap
2103500/udp open|filtered isakmp
2104520/udp open|filtered route
21052049/udp open|filtered nfs
2106
2107Nmap done: 1 IP address (1 host up) scanned in 7.02 seconds
2108######################################################################################################################################
2109<!-- tarih: 11/11/2019 8:19:27 AM-->
2110 <!--[if gte IE 9]
2111 <!-------------------------------- header -------------------------------->
2112 <!-- SiteAgacDallar:20.11.10.29 --><div id="hakkinda">
2113 <!-- SiteAgacDallar:20.11.10.29 --><div id="sinavlar">
2114 <li><!-- DalLink:20.11.10.29 --><a href="/TR,8794/iletisim.html" id="DalLink7">
2115 <!-------------------------------- header -------------------------------->
2116 <!-------------------------------- main -------------------------------->
2117 <!-- exams -->
2118 <!-- item detail -->
2119 <!-- SiteAgacDal:20.11.10.29 -->
2120 <!-- #17050 anahlı dal içerik başlıyor: [versiyon :0] -->
2121 <!-- ###### 17050 anahlı dal içerik bitti ##### -->
2122 <!-- item detail -->
2123 <!-- item detail -->
2124 <!-- SiteAgacDal:20.11.10.29 -->
2125 <!-- #17027 anahlı dal içerik başlıyor: [versiyon :0] -->
2126 <!-- ###### 17027 anahlı dal içerik bitti ##### -->
2127 <!-- item detail -->
2128 <!-- item detail -->
2129 <!-- SiteAgacDal:20.11.10.29 -->
2130 <!-- #17058 anahlı dal içerik başlıyor: [versiyon :0] -->
2131 <!-- ###### 17058 anahlı dal içerik bitti ##### -->
2132 <!-- item detail -->
2133 <!-- item detail -->
2134 <!-- SiteAgacDal:20.11.10.29 -->
2135 <!-- #16949 anahlı dal içerik başlıyor: [versiyon :0] -->
2136 <!-- ###### 16949 anahlı dal içerik bitti ##### -->
2137 <!-- item detail -->
2138 <!-- item detail -->
2139 <!-- SiteAgacDal:20.11.10.29 -->
2140 <!-- #17035 anahlı dal içerik başlıyor: [versiyon :0] -->
2141 <!-- ###### 17035 anahlı dal içerik bitti ##### -->
2142 <!-- item detail -->
2143 <!-- item detail -->
2144 <!-- SiteAgacDal:20.11.10.29 -->
2145 <!-- #16995 anahlı dal içerik başlıyor: [versiyon :0] -->
2146 <!-- ###### 16995 anahlı dal içerik bitti ##### -->
2147 <!-- item detail -->
2148 <!-- item detail -->
2149 <!-- SiteAgacDal:20.11.10.29 -->
2150 <!-- #17058 anahlı dal içerik başlıyor: [versiyon :0] -->
2151 <!-- ###### 17058 anahlı dal içerik bitti ##### -->
2152 <!-- item detail -->
2153 <!-- item detail -->
2154 <!-- SiteAgacDal:20.11.10.29 -->
2155 <!-- item detail -->
2156 <!-- item detail -->
2157 <!-- SiteAgacDal:20.11.10.29 -->
2158 <!-- #17004 anahlı dal içerik başlıyor: [versiyon :0] -->
2159 <!-- ###### 17004 anahlı dal içerik bitti ##### -->
2160 <!-- item detail -->
2161 <!-- item detail -->
2162 <!-- SiteAgacDal:20.11.10.29 -->
2163 <!-- item detail -->
2164 <!-- item detail -->
2165 <!-- SiteAgacDal:20.11.10.29 -->
2166 <!-- item detail -->
2167 <!-- item detail -->
2168 <!-- SiteAgacDal:20.11.10.29 -->
2169 <!-- item detail -->
2170 <!--
2171 <!-- WebParcasiSiteAgacDallar:20.11.10.29 --><div id="WebParcasiSiteAgacDallar1">
2172 <!-- exams -->
2173 <!-- news -->
2174 <!-- DalLink:20.11.10.29 --><a href="/TR,10188/duyurular.html" id="DalLink7" class="btn btn-default archive">
2175 <!-- WebParcasiSiteAgacDallar:20.11.10.29 --><div id="webparcasidallar">
2176 <!-- news -->
2177 <!-- calender -->
2178 <!-- DalLink:20.11.10.29 --><a href="/TR,8797/takvim.html" id="DalLink2" class="btn btn-default all">
2179 <!-- calender -->
2180 <!-- links -->
2181 <!--<h1>ÖNEMLİ LİNKLER</h1>-->
2182 <!-- DalLink:20.11.10.29 --><a href="/TR,9279/koordinatorlukler.html" id="DalLink1">
2183 <!-- DalLink:20.11.10.29 --><a href="/TR,13734/bilgilendirme-videolari.html" id="DalLink2">
2184 <!-- DalLink:20.11.10.29 --><a href="/TR,757/arsiv.html" id="DalLink3">
2185 <!-- DalLink:20.11.10.29 --><a href="/TR,9095/basin-odasi.html" id="DalLink4">
2186 <!-- DalLink:20.11.10.29 --><a href="/TR,6547/arastirma-yayin-ve-istatistikler.html" id="DalLink5">
2187 <!-- DalLink:20.11.10.29 --><a href="/TR,8799/sikca-sorulan-sorular.html" id="DalLink6">
2188 <!-- links -->
2189 <!-- popup mesaj -->
2190 <!-- SiteAgacDal:20.11.10.29 --><!--
2191 <!-------------------------------- main -------------------------------->
2192 <!-- spots -->
2193 <!-- spots -->
2194 <!-------------------------------- footer -------------------------------->
2195 <!-------------------------------- footer -------------------------------->
2196<!--
2197#####################################################################################################################################
2198http://ais.osym.gov.tr
2199http://dokuman.osym.gov.tr/pdfdokuman/2019/ADBAK/kilavuz31102019.pdf
2200http://dokuman.osym.gov.tr/pdfdokuman/2019/ALES-3/kilavuz17092019.pdf
2201http://dokuman.osym.gov.tr/pdfdokuman/2019/ICRA/bkilavuz07112019.pdf
2202http://dokuman.osym.gov.tr/pdfdokuman/2019/ISGDONEM2/kilavuz25102019.pdf
2203http://dokuman.osym.gov.tr/pdfdokuman/2019/KPSS/TERCIH5/kilavuz07112019.pdf
2204http://dokuman.osym.gov.tr/pdfdokuman/2019/YDS-3/kilavuz09102019.pdf
2205http://dokuman.osym.gov.tr/pdfdokuman/2019/YDUS/kilavuz01112019.pdf
2206http://gis.osym.gov.tr
2207http://odeme.osym.gov.tr
2208http://osym.gov.tr/TR,15045/osys-cikmis-sorular.html
2209http://osym.gov.tr/TR,15068/dgs-cikmis-sorular.html
2210http://osym.gov.tr/TR,15069/ales-cikmis-sorular.html
2211http://osym.gov.tr/TR,15070/dus-cikmis-sorular.html
2212http://osym.gov.tr/TR,15071/kpss-cikmis-sorular.html
2213http://osym.gov.tr/TR,15072/tus-cikmis-sorular.html
2214http://osym.gov.tr/TR,15073/yds-cikmis-sorular.html
2215http://osym.gov.tr/TR,15164/yks-cikmis-sorular.html
2216http://osym.gov.tr/TR,15209/msu-cikmis-sorular.html
2217https://cdnjs.cloudflare.com/ajax/libs/bootstrap-select/1.10.0/js/bootstrap-select.min.js
2218https://cdnjs.cloudflare.com/ajax/libs/jquery/1.11.1/jquery.min.js
2219https://cdnjs.cloudflare.com/ajax/libs/jquery/1.3.1/jquery.min.js
2220https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.5/js/bootstrap.min.js
2221https://cdnjs.cloudflare.com/ajax/libs/vis/4.14.0/vis.min.js
2222http://sonuc.osym.gov.tr
2223https://sonuc.osym.gov.tr/BelgeKontrol.aspx
2224https://tr-tr.facebook.com/OSYMBaskanligi
2225https://twitter.com/osymbaskanligi
2226https://www.cimer.gov.tr/?bim=CfDJ8CLd_u-3vtlEmchj_bWBwBfTaCuPqjY0VmQlqOC9a8y2fx3R-YNJA8B6776O_YT_f4HEi_bJ_UHNOL3dz_H6gECb8H2eDUfJiGcSW8lHfvtOirTeSf3u2kPKplwi80P2fnp3sVkDDZptZ4RALOloKJoUujKgpKqRQFITNOJDQ-hqtg_ji98ieSMBSzKDkqLpew
2227https://www.youtube.com/channel/UCts6dvZTvwyaibUKHN0AYzA/featured
2228http://webtest/TR,13560/osys-cikmis-sorular.html
2229http://www.osym.gov.tr/TR,546/internet-erisim-sifresi-30062015.html
2230../images/content/mobile-banner.jpg
2231/js/dist/img/timeline/pin.png
2232js/dist/vis_fix.js
2233js/dist/vis_loader.js
2234../js/imageMapResizer.min.js
2235../js/jquery.easing.1.3.js
2236../js/jquery.mobile.custom.min.js
2237../js/jquery.mousewheel.min.js
2238../js/jScrollPane-1.2.3.min.js
2239../js/main.js
2240/ScriptResource.axd?d=q2SCa2sNxmKDVqMj-FzH8NyIJYEfGg_QZhGXRMkyJKcFAqBkuZY1FNWL1z7DXTIU2KVlRtoTM9D2d0znHjCHb0oVECMZs35zk1S4twd7CnK3Wzz3f-d_elfJwK1g968ZAi_Rh5rCF-EPTEpkIk3I5TvG44Y1&t=ffffffffa580202a
2241scripts/jquery-1.11.1.min.js
2242scripts/wiy/jService.js
2243text/css
2244text/javascript
2245/TR,10188/duyurular.html
2246/TR,13734/bilgilendirme-videolari.html
2247/TR,15058/2017-ales-sonbahar-degerlendirme-raporu.html
2248/TR,15059/2017-dgs-degerlendirme-raporu.html
2249/TR,15060/engelisaglik-sorunu-veya-ozel-durumu-olan-adaylara-yapilan-sinav-uygulamalari.html
2250/TR,15061/2018-msu-degerlendirme-raporu.html
2251/TR,15062/2017-tus-ilkbahar-degerlendirme-raporu.html
2252/TR,15063/2017-e-yds-ingilizce-degerlendirme-raporu.html
2253/TR,15066/2017-tus-sonbahar-degerlendirme-raporu.html
2254/TR,15225/2017-oabt-degerlendirme-raporu.html
2255/TR,15256/2018-yks-degerlendirme-raporu.html
2256/TR,15429/2018-tus-ilkbahar-degerlendirme-raporu.html
2257/TR,15509/2018-ales2-degerlendirme-raporu.html
2258/TR,15581/2018-kpss-ortaogretim-degerlendirme-raporu.html
2259/TR,15636/2018-kpss-on-lisans-degerlendirme-raporu.html
2260/TR,15752/2019-msu-degerlendirme-raporu.html
2261/TR,16920/2019-yks-degerlendirme-raporu.html
2262/TR,16998/2019-yks-milli-sporcu-yerlestirme-sonuclari-aciklandi-04102019.html
2263/TR,17003/2019-yds3-basvurularinin-alinmasi-09102019.html
2264/TR,17006/2019-zorunlu-yabanci-dil-hazirlik-siniflarinda-basarisiz-olan-ogrencilerin-turkce-ogretim-yapan-yuksekogretim-programlarina-yerlestirilme-islemleri--11102019.html
2265/TR,17010/2019-dgs-ek-yerlestirme-sonuclari-aciklandi-14102019.html
2266/TR,17011/e-yds-201911-ingilizce-sinava-giris-belgeleri-aciklandi-16102019.html
2267/TR,17012/e-yds-201912-ingilizce-basvurularinin-alinmasi-16102019.html
2268/TR,17014/2019-eus-tercihlerin-alinmasi-17102019.html
2269/TR,17016/2019-dus-ve-2019-sts-dis-hekimligi-sinav-sonuclari-aciklandi-17102019.html
2270/TR,17017/2019-dus-ve-2019-sts-dis-hekimligi-sinavlari-cevap-kagitlari-ve-aday-cevaplari-erisime-acildi-17102019.html
2271/TR,17018/2018-ydus-ek-tercihlerin-alinmasi-18102019.html
2272/TR,17020/2019-elektronik-yabanci-dil-sinavi-e-yds-201911-ingilizce--sonuclari-aciklandi-19102019.html
2273/TR,17022/2019-tus-2-donem-tercihlerinin-alinmasi-23102019.html
2274/TR,17024/2019-yokdil-sinava-giris-belgeleri-aciklandi-24102019.html
2275/TR,17025/2019-isg-2-donem-basvurularinin-alinmasi-25102019.html
2276/TR,17029/2019-eus-yerlestirme-sonuclari-aciklandi-31102019.html
2277/TR,17030/2018-ydus-ek-yerlestirme-sonuclari-aciklandi-31102019.html
2278/TR,17031/2019-adalet-bakanligi-sinavlari-adli-yargiidari-yargiadli-yargi-avukat-basvurularinin-alinmasi-31102019.html
2279/TR,17032/2019-ydus-basvurularinin-alinmasi-01112019.html
2280/TR,17038/2019-kaymakamlik-sinava-giris-belgeleri-aciklandi-30102019.html
2281/TR,17042/2019-yokdil-sinavi-icin-sinav-gunu-acik-tutulacak-ililce-nufus-mudurlukleri-31102019.html
2282/TR,17043/2019-tus-2-donem-tercih-islemleri-31102019.html
2283/TR,17044/2019-yokdil-temel-soru-kitapciklari-ve-cevap-anahtarlari-yayimlandi-04112019.html
2284/TR,17048/e-yds-201912-ingilizce-sinava-giris-belgeleri-aciklandi-06112019.html
2285/TR,17049/kpss-20195-tarim-ve-orman-bakanligi-meteoroloji-genel-mudurlugunun-sozlesmeli-pozisyonlarina-yerlestirme-yapmak-icin-adaylardan-tercih-alinmasi-07112019.html
2286/TR,17057/2019-adalet-bakanligi-icra-mudur-ve-icra-mudur-yardimcilarini-secme-sinavi-basvurularinin-alinmasi-07112019.html
2287/TR,17059/2019-ales3-sinava-giris-belgeleri-aciklandi-07112019.html
2288/TR,17060/2019-kaymakamlik-sinavi-icin-sinav-gunu-acik-tutulacak-ililce-nufus-mudurlukleri-07112019.html
2289/TR,17061/2019-elektronik-yabanci-dil-sinavi-e-yds-201912-ingilizce--sonuclari-aciklandi-09112019.html
2290/TR,17062/2019-zorunlu-yabanci-dil-hazirlik-siniflarinda-basarisiz-olan-ogrencilerin-turkce-ogretim-yapan-yuksekogretim-programlarina-yerlestirme-sonuclari-aciklandi-08112019.html
2291/TR,17065/2019-tus-2-donem-yerlestirme-sonuclari-aciklandi-08112019.html
2292/TR,6547/arastirma-yayin-ve-istatistikler.html
2293/TR,757/arsiv.html
2294/TR,8794/iletisim.html
2295/TR,8797/takvim.html
2296/TR,8799/sikca-sorulan-sorular.html
2297/TR,9095/basin-odasi.html
2298/TR,9279/koordinatorlukler.html
2299#####################################################################################################################################
2300http://www.osym.gov.tr [200 OK] ASP_NET, Cookies[ASP.NET_SessionId], Country[TURKEY][TR], Google-Analytics[Universal][UA-75663634-1], HTML5, HttpOnly[ASP.NET_SessionId], IP[213.14.221.20], JQuery[1.11.1,1.3.1], Open-Graph-Protocol, Script[text/javascript], Title[ÖSYM • T.C. ÖLÇME, SEÇME VE YERLEŞTİRME MERKEZİ][Title element contains newline(s)!], UncommonHeaders[homepageandlang,x-content-type-options,content-security-policy,referrer-policy], X-Frame-Options[SAMEORIGIN], X-UA-Compatible[IE=edge], X-XSS-Protection[1;mode=block]
2301######################################################################################################################################
2302------------------------------------------------------------------------------------------------------------------------
2303
2304[ ! ] Starting SCANNER INURLBR 2.1 at [11-11-2019 01:41:42]
2305[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
2306It is the end user's responsibility to obey all applicable local, state and federal laws.
2307Developers assume no liability and are not responsible for any misuse or damage caused by this program
2308
2309[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.osym.gov.tr/output/inurlbr-www.osym.gov.tr ]
2310[ INFO ][ DORK ]::[ site:www.osym.gov.tr ]
2311[ INFO ][ SEARCHING ]:: {
2312[ INFO ][ ENGINE ]::[ GOOGLE - www.google.tk ]
2313
2314[ INFO ][ SEARCHING ]::
2315-[:::]
2316[ INFO ][ ENGINE ]::[ GOOGLE API ]
2317
2318[ INFO ][ SEARCHING ]::
2319-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
2320[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.com.kh ID: 005911257635119896548:iiolgmwf2se ]
2321
2322[ INFO ][ SEARCHING ]::
2323-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
2324
2325[ INFO ][ TOTAL FOUND VALUES ]:: [ 5 ]
2326
2327
2328 _[ - ]::--------------------------------------------------------------------------------------------------------------
2329|_[ + ] [ 0 / 5 ]-[01:42:10] [ - ]
2330|_[ + ] Target:: [ https://www.osym.gov.tr/ ]
2331|_[ + ] Exploit::
2332|_[ + ] Information Server:: HTTP/1.1 200 OK, , IP:213.14.221.20:443
2333|_[ + ] More details:: / - / , ISP:
2334|_[ + ] Found:: UNIDENTIFIED
2335
2336 _[ - ]::--------------------------------------------------------------------------------------------------------------
2337|_[ + ] [ 1 / 5 ]-[01:42:14] [ - ]
2338|_[ + ] Target:: [ http://www.osym.gov.tr/nosor/kms/ ]
2339|_[ + ] Exploit::
2340|_[ + ] Information Server:: HTTP/1.1 200 OK, , IP:213.14.221.20:80
2341|_[ + ] More details:: / - / , ISP:
2342|_[ + ] Found:: UNIDENTIFIED
2343
2344 _[ - ]::--------------------------------------------------------------------------------------------------------------
2345|_[ + ] [ 2 / 5 ]-[01:42:20] [ - ]
2346|_[ + ] Target:: [ http://www.osym.gov.tr/belge/site-agaci ]
2347|_[ + ] Exploit::
2348|_[ + ] Information Server:: , , IP:213.14.221.20:80
2349|_[ + ] More details:: / - / , ISP:
2350|_[ + ] Found:: UNIDENTIFIED
2351
2352 _[ - ]::--------------------------------------------------------------------------------------------------------------
2353|_[ + ] [ 3 / 5 ]-[01:42:24] [ - ]
2354|_[ + ] Target:: [ https://www.osym.gov.tr/TR ]
2355|_[ + ] Exploit::
2356|_[ + ] Information Server:: HTTP/1.1 200 OK, , IP:213.14.221.20:443
2357|_[ + ] More details:: / - / , ISP:
2358|_[ + ] Found:: UNIDENTIFIED
2359
2360 _[ - ]::--------------------------------------------------------------------------------------------------------------
2361|_[ + ] [ 4 / 5 ]-[01:42:27] [ - ]
2362|_[ + ] Target:: [ http://www.osym.gov.tr/TR ]
2363|_[ + ] Exploit::
2364|_[ + ] Information Server:: HTTP/1.1 200 OK, , IP:213.14.221.20:80
2365|_[ + ] More details:: / - / , ISP:
2366|_[ + ] Found:: UNIDENTIFIED
2367
2368[ INFO ] [ Shutting down ]
2369[ INFO ] [ End of process INURLBR at [11-11-2019 01:42:27]
2370[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
2371[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.osym.gov.tr/output/inurlbr-www.osym.gov.tr ]
2372|_________________________________________________________________________________________
2373
2374\_________________________________________________________________________________________/
2375#####################################################################################################################################
2566######################################################################################################################################
2567https://www.osym.gov.tr [200 OK] ASP_NET, Cookies[ASP.NET_SessionId], Country[TURKEY][TR], Google-Analytics[Universal][UA-75663634-1], HTML5, HttpOnly[ASP.NET_SessionId], IP[213.14.221.20], JQuery[1.11.1,1.3.1], Open-Graph-Protocol, Script[text/javascript], Title[ÖSYM • T.C. ÖLÇME, SEÇME VE YERLEŞTİRME MERKEZİ][Title element contains newline(s)!], UncommonHeaders[homepageandlang], X-UA-Compatible[IE=edge]
2568#######################################################################################################################################
2569wig - WebApp Information Gatherer
2570
2571
2572Scanning https://www.osym.gov.tr...
2573__________________ SITE INFO ___________________
2574IP Title
2575213.14.221.20 ÖSYM • T.C. ÖLÇME, SEÇME VE
2576
2577___________________ VERSION ____________________
2578Name Versions Type
2579ASP.NET Platform
2580jQuery 1.11.1 JavaScript
2581
2582________________________________________________
2583Time: 1265.1 sec Urls: 642 Fingerprints: 40401
2584#####################################################################################################################################
2585Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-11 02:04 EST
2586NSE: Loaded 163 scripts for scanning.
2587NSE: Script Pre-scanning.
2588Initiating NSE at 02:04
2589Completed NSE at 02:04, 0.00s elapsed
2590Initiating NSE at 02:04
2591Completed NSE at 02:04, 0.00s elapsed
2592Initiating Parallel DNS resolution of 1 host. at 02:04
2593Completed Parallel DNS resolution of 1 host. at 02:04, 0.17s elapsed
2594Initiating SYN Stealth Scan at 02:04
2595Scanning www.osym.gov.tr (213.14.221.20) [1 port]
2596Discovered open port 443/tcp on 213.14.221.20
2597Completed SYN Stealth Scan at 02:04, 0.32s elapsed (1 total ports)
2598Initiating Service scan at 02:04
2599Scanning 1 service on www.osym.gov.tr (213.14.221.20)
2600Completed Service scan at 02:05, 57.85s elapsed (1 service on 1 host)
2601Initiating OS detection (try #1) against www.osym.gov.tr (213.14.221.20)
2602Retrying OS detection (try #2) against www.osym.gov.tr (213.14.221.20)
2603Initiating Traceroute at 02:05
2604Completed Traceroute at 02:05, 3.44s elapsed
2605Initiating Parallel DNS resolution of 10 hosts. at 02:05
2606Completed Parallel DNS resolution of 10 hosts. at 02:05, 0.62s elapsed
2607NSE: Script scanning 213.14.221.20.
2608Initiating NSE at 02:05
2609Completed NSE at 02:11, 357.54s elapsed
2610Initiating NSE at 02:11
2611Completed NSE at 02:11, 2.23s elapsed
2612Nmap scan report for www.osym.gov.tr (213.14.221.20)
2613Host is up (0.37s latency).
2614
2615PORT STATE SERVICE VERSION
2616443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
2617|_http-aspnet-debug: ERROR: Script execution failed (use -d to debug)
2618| http-brute:
2619|_ Path "/" does not require authentication
2620| http-cakephp-version: Version of codebase: 1.1.x, 1.2.x
2621| Version of icons: 1.3.x
2622|_Default stylesheet has an unknown hash: afb6efdaa465c41edfb7090fa54176db
2623|_http-chrono: Request times for /; avg: 6070.49ms; min: 2319.78ms; max: 10778.59ms
2624| http-csrf:
2625| Spidering limited to: maxdepth=3; maxpagecount=20; withinhost=www.osym.gov.tr
2626| Found the following possible CSRF vulnerabilities:
2627|
2628| Path: https://www.osym.gov.tr:443/
2629| Form id: form2
2630| Form action: /
2631|
2632| Path: https://www.osym.gov.tr:443/TR,13493/yks.html
2633| Form id: form2
2634| Form action: /TR,15617/2019.html
2635|
2636| Path: https://www.osym.gov.tr:443/TR,17014/2019-eus-tercihlerin-alinmasi-17102019.html
2637| Form id: form2
2638| Form action: /TR,17014/2019-eus-tercihlerin-alinmasi-17102019.html
2639|
2640| Path: https://www.osym.gov.tr:443/TR,184/yds.html
2641| Form id: form2
2642| Form action: /TR,8860/hakkinda.html
2643|
2644| Path: https://www.osym.gov.tr:443/TR,17038/2019-kaymakamlik-sinava-giris-belgeleri-aciklandi-30102019.html
2645| Form id: form2
2646|_ Form action: /TR,17038/2019-kaymakamlik-sinava-giris-belgeleri-aciklandi-30102019.html
2647|_http-date: Mon, 11 Nov 2019 07:06:18 GMT; -6s from local time.
2648|_http-devframework: ASP.NET detected. Found related header.
2649|_http-dombased-xss: Couldn't find any DOM based XSS.
2650|_http-errors: ERROR: Script execution failed (use -d to debug)
2651|_http-exif-spider: ERROR: Script execution failed (use -d to debug)
2652|_http-feed: Couldn't find any feeds.
2653|_http-fetch: Please enter the complete path of the directory to save data in.
2654| http-grep:
2655| (1) https://www.osym.gov.tr:443/:
2656| (1) ip:
2657|_ + 20.11.10.29
2658| http-headers:
2659| Cache-Control: private
2660| Content-Length: 174138
2661| Content-Type: text/html; charset=utf-8
2662| Set-Cookie: ASP.NET_SessionId=ded1tb3bswckp4beeiwhepto; path=/; HttpOnly
2663| HomePageAndLang: true_1
2664| Date: Mon, 11 Nov 2019 07:06:35 GMT
2665|
2666|_ (Request type: HEAD)
2667|_http-jsonp-detection: Couldn't find any JSONP endpoints.
2668| http-methods:
2669|_ Supported Methods: GET HEAD POST OPTIONS
2670|_http-mobileversion-checker: No mobile version detected.
2671| http-security-headers:
2672| Strict_Transport_Security:
2673| HSTS not configured in HTTPS Server
2674| Cache_Control:
2675|_ Header: Cache-Control: private
2676| http-sitemap-generator:
2677| Directory structure:
2678| /
2679| Other: 1; axd: 1
2680| /TR,17014/
2681| html: 1
2682| /TR,17038/
2683| html: 1
2684| /TR,17049/
2685| html: 1
2686| /TR,184/
2687| html: 1
2688| /TR,8794/
2689| html: 1
2690| /TR,8799/
2691| html: 1
2692| /images/favicon/
2693| png: 3
2694| /images/icons/
2695| png: 1
2696| /js/
2697| js: 1
2698| Longest directory structure:
2699| Depth: 2
2700| Dir: /images/favicon/
2701| Total files found (by extension):
2702|_ Other: 1; axd: 1; html: 6; js: 1; png: 4
2703|_http-stored-xss: Couldn't find any stored XSS vulnerabilities.
2704|_http-title: \xC3\x96SYM \xE2\x80\xA2 T.C. \xC3\x96L\xC3\x87ME, SE\xC3\x87ME VE YERLE\xC5\x9ET\xC4\xB0RME MERKEZ\xC4\xB0
2705|_http-traceroute: ERROR: Script execution failed (use -d to debug)
2706|_http-trane-info: Problem with XML parsing of /evox/about
2707| http-vhosts:
2708|_127 names had status 200
2709|_http-vuln-cve2014-3704: ERROR: Script execution failed (use -d to debug)
2710|_http-vuln-cve2017-1001000: ERROR: Script execution failed (use -d to debug)
2711| http-waf-fingerprint:
2712| Detected WAF
2713|_ Citrix Netscaler version 10.
2714|_http-xssed: No previously reported XSS vuln.
2715| vulscan: VulDB - https://vuldb.com:
2716| [141625] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 DirectX memory corruption
2717| [141624] Microsoft Windows 7 SP1/Server 2008 R2 SP1 Graphics Component information disclosure
2718| [139966] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel information disclosure
2719| [139923] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Graphics Component information disclosure
2720| [139905] Microsoft Windows Server 2008 SP2 DHCP Server memory corruption
2721| [137573] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
2722| [137567] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
2723| [137566] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
2724| [137565] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
2725| [137564] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
2726| [136343] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
2727| [136342] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
2728| [136341] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
2729| [136316] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
2730| [136315] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
2731| [136313] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
2732| [136311] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
2733| [136309] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
2734| [136302] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
2735| [136298] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
2736| [136297] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
2737| [131683] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
2738| [131642] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Active Directory privilege escalation
2739| [127822] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 Kernel information disclosure
2740| [125103] Microsoft Windows Server 2008 SP2 Graphics Component information disclosure
2741| [123853] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel Memory information disclosure
2742| [122858] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 LNK memory corruption
2743| [122833] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI+ memory corruption
2744| [121109] Microsoft Wireless Display Adapter V2 2.0.8350/2.0.8365/2.0.8372 privilege escalation
2745| [120449] Microsoft Forefront Unified Access Gateway 2000 InitParams.aspx Parameter Server-Side Request Forgery
2746| [119469] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel privilege escalation
2747| [116015] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
2748| [114563] Microsoft Office 2007 SP3/2010 SP2/2013/2013 RT SP1 memory corruption
2749| [114528] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI privilege escalation
2750| [114524] Microsoft ASP.NET Core 2.0 denial of service
2751| [114523] Microsoft ASP.NET Core 2.0 Kestrel Web Application privilege escalation
2752| [113257] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
2753| [113256] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
2754| [113255] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
2755| [113247] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
2756| [113246] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
2757| [113245] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 EOT Font Engine information disclosure
2758| [113244] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
2759| [113235] Microsoft Outlook 2007 SP3/2010 SP2/2013 SP1/2016 privilege escalation
2760| [113234] Microsoft Office 2007 SP2/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
2761| [113216] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
2762| [112285] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
2763| [112284] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
2764| [112283] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
2765| [112282] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
2766| [111578] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
2767| [111577] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
2768| [111576] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
2769| [111575] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
2770| [111574] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
2771| [111573] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
2772| [111572] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
2773| [111570] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
2774| [111568] Microsoft Excel 2007/2010/2013/2016 memory corruption
2775| [111566] Microsoft Word 2007/2010/2013/2016 memory corruption
2776| [111565] Microsoft Word 2007/2010/2013 Email Message memory corruption
2777| [111563] Microsoft Outlook 2007/2010/2013/2016 Email Message privilege escalation
2778| [111347] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Color Management Icm32.dll information disclosure
2779| [109388] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 memory corruption
2780| [109387] Microsoft ASP.NET Core 2.0 privilege escalation
2781| [109386] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
2782| [109385] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature Macro privilege escalation
2783| [109381] Microsoft Office/Word 2007 SP3/2010 SP2 memory corruption
2784| [107703] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
2785| [106530] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
2786| [106528] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
2787| [106515] Microsoft Publisher 2007 SP3/2010 SP2 memory corruption
2788| [106497] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Uniscribe memory corruption
2789| [106476] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
2790| [106475] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
2791| [105051] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Font Library privilege escalation
2792| [105032] Microsoft Internet Explorer 9/10 on Server 2008/Server 2012 memory corruption
2793| [102513] Microsoft Windows Server 2003 SP2/XP SP3 OLE olecnv32.dll privilege escalation
2794| [102512] Microsoft Windows Server 2003 SP2/XP SP3 rpc privilege escalation
2795| [102511] Microsoft Windows Server 2003 SP2/XP SP3 RDP EsteemAudit privilege escalation
2796| [102447] Microsoft PowerPoint/SharePoint Server 2007 SP3 privilege escalation
2797| [102444] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
2798| [102442] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
2799| [102441] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
2800| [102401] Microsoft Windows 7 SP1/Server 2008 R2 SP1 GDI USP10!NextCharInLiga Uniscribe Font information disclosure
2801| [101491] Microsoft Windows up to XP SP3/Server 2003 SP2 Remote Desktop Protocol gpkcsp.dll memory corruption
2802| [101017] Microsoft Office 2007 SP3/2010 SP2/2016 memory corruption
2803| [101012] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1/2016 memory corruption
2804| [101011] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 ActiveX Object Memory memory corruption
2805| [100854] Microsoft Windows Server 2003 SP2 RRAS ERRATICGOPHER memory corruption
2806| [99904] Microsoft Windows Server 2003 SP2/XP SP3 SmartCard Authentication RDP Packet EsteemAudit privilege escalation
2807| [99698] Microsoft OneNote 2007 SP3/2010 SP2 DLL Loader privilege escalation
2808| [99684] Microsoft Excel 2007 SP3/2010 SP2 Memory information disclosure
2809| [99654] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
2810| [99653] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
2811| [99533] Microsoft Office 2007/2010/2013/2016 RTF Document Necurs Dridex memory corruption
2812| [98561] Microsoft IIS 6.0 on Windows Server 2003 WebDAV ScStoragePathFromUrl Long Header memory corruption
2813| [98092] Microsoft SharePoint Server 2007 SP3 memory corruption
2814| [98088] Microsoft SharePoint Server 2007 SP3 memory corruption
2815| [98087] Microsoft Office 2007 SP3/2010 SP2 memory corruption
2816| [98086] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
2817| [98085] Microsoft Excel 2007 SP3 memory corruption
2818| [98084] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
2819| [98083] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
2820| [98078] Microsoft Word/Excel 2007 SP3 memory corruption
2821| [98072] Microsoft Office 2007 SP3/2010 SP2/Word Viewer Graphics Component privilege escalation
2822| [98071] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
2823| [98070] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
2824| [94450] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
2825| [94449] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
2826| [94448] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
2827| [94445] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 information disclosure
2828| [94441] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
2829| [94440] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
2830| [94439] Microsoft Office 2007 SP3/2011 privilege escalation
2831| [94438] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
2832| [93542] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
2833| [93541] Microsoft Office 2007 SP3 denial of service
2834| [93539] Microsoft Office 2007/2010 SP2/2011 memory corruption
2835| [93538] Microsoft Office 2007/2010 SP2/2011/2013 SP1 memory corruption
2836| [93537] Microsoft Office 2007/2010 SP2/2011 memory corruption
2837| [93396] Microsoft Office 2007/2010/2011 memory corruption
2838| [93395] Microsoft Office 2007/2010/2011 memory corruption
2839| [93394] Microsoft Office 2007/2010 memory corruption
2840| [92596] Microsoft Windows 7 SP1/Server 2008 R2/Server 2008 SP2/Vista SP2 Internet Messaging API File information disclosure
2841| [91554] Microsoft Exchange 2007/2010/2013/2016 Email information disclosure
2842| [91553] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
2843| [91552] Microsoft Office 2007/2010/2013/2013 RT/2016 spoofing
2844| [91551] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
2845| [91549] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
2846| [91548] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
2847| [91546] Microsoft Office 2007/2010/2013/2013 RT memory corruption
2848| [91545] Microsoft Office 2007/2010 memory corruption
2849| [91544] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
2850| [91542] Microsoft Office 2007/2010/2013/2013 RT/2016 information disclosure
2851| [90707] Microsoft OneNote 2007/2010/2013/2013 RT/2016 information disclosure
2852| [90706] Microsoft Office 2007/2010/2013/2013 RT Graphics memory corruption
2853| [90705] Microsoft Office 2007/2010/2011 memory corruption
2854| [90703] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
2855| [89039] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
2856| [89034] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
2857| [87960] Microsoft Windows Server 2008 R2/Server 2012/Server 2012 R2 Active Directory denial of service
2858| [87955] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
2859| [87954] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
2860| [87953] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
2861| [87939] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL memory corruption
2862| [87938] Microsoft Office 2007 SP3/2010 SP2/2011 information disclosure
2863| [87937] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
2864| [87935] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
2865| [87934] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
2866| [87933] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
2867| [87147] Microsoft Office 2007/2010 memory corruption
2868| [87145] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
2869| [87144] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
2870| [82228] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
2871| [82225] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
2872| [82224] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
2873| [81273] Microsoft Office 2007/2010/2013/2016 memory corruption
2874| [81272] Microsoft Office 2007/2010/2013 memory corruption
2875| [81265] Microsoft Windows Server 2008/Vista SP2 Library Loader memory corruption
2876| [80872] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
2877| [80871] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
2878| [80869] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
2879| [79506] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Library Loader memory corruption
2880| [79505] Microsoft Office 2007 memory corruption
2881| [79504] Microsoft Office 2007/2010/2013/2016 memory corruption
2882| [79503] Microsoft Office 2007/2010/2013 memory corruption
2883| [79502] Microsoft Office 2007/2010/2011 memory corruption
2884| [79501] Microsoft Office 2007/2010 memory corruption
2885| [79499] Microsoft Windows 7/Server 2008 R2 Uniscribe memory corruption
2886| [79493] Microsoft Windows Server 2008/Vista Graphics memory corruption
2887| [79190] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
2888| [79189] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
2889| [79187] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 Sandbox privilege escalation
2890| [79167] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Journal memory corruption
2891| [78372] Microsoft Visio 2007 SP3/2010 SP2 UML Data memory corruption
2892| [78371] Microsoft SharePoint Server 2007 SP3/2010 SP2 InfoPath Forms Services XXE information disclosure
2893| [77646] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 EPS Image memory corruption
2894| [77629] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
2895| [77627] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
2896| [77626] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
2897| [77617] Microsoft Office 2007 SP3/2010 SP2 OpenType Font memory corruption
2898| [77252] Microsoft Office 2007 SP3/2010 SP2 Office Graphics Library Font memory corruption
2899| [77038] Microsoft Windows Server 2008 SP2 UDDI Services cross site scripting
2900| [76497] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 SP1 Office Document memory corruption
2901| [76491] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
2902| [76467] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
2903| [76466] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
2904| [76464] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
2905| [76463] Microsoft Excel 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
2906| [76449] Microsoft Windows 8/8.1/Server 2008/Server 2012/Server 2012 R2 Hyper-V memory corruption
2907| [76440] Microsoft SQL Server 2008/2008 R2/2012/2014 Virtual Function Uninitialized Memory memory corruption
2908| [76439] Microsoft SQL Server 2008/2008 R2/2012/2014 Uninitialized Memory memory corruption
2909| [76438] Microsoft SQL Server 2008/2008 R2/2012/2014 Pointer Casting privilege escalation
2910| [75783] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services cross site scripting
2911| [75338] Microsoft SharePoint 2007/2010/2013 Content privilege escalation
2912| [75337] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
2913| [75336] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
2914| [74845] Microsoft Office 2007/2010/2013 Document Use-After-Free memory corruption
2915| [74844] Microsoft Office 2007/2010 Document Use-After-Free memory corruption
2916| [74837] Microsoft Office 2007/2010/2011/2013 RTF Document Use-After-Free privilege escalation
2917| [73979] Microsoft Exchange Server 2003 CU7/2003 SP1 Meeting privilege escalation
2918| [73978] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
2919| [73977] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
2920| [73976] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
2921| [73975] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
2922| [73964] Microsoft SharePoint 2007/2010/2013 cross site scripting
2923| [69158] Microsoft Office 2007/2010/2013 Use-After-Free memory corruption
2924| [69157] Microsoft Office 2007/2010/2013 OneTableDocumentStream memory corruption
2925| [68416] Microsoft Exchange 2007/2010/2013 Outlook Web Access Token spoofing
2926| [68409] Microsoft Office 2007/2010/2013 Use-After-Free memory corruption
2927| [68408] Microsoft Excel 2007/2010/2013 memory corruption
2928| [68407] Microsoft Excel 2007/2010 memory corruption
2929| [68405] Microsoft Word 2007/2010 Index Use-After-Free memory corruption
2930| [68195] Microsoft Windows 7/Server 2003/Server 2008/Vista Input Method Editor Sandbox privilege escalation
2931| [68189] Microsoft Windows Server 2003 SP2 TCP/IP Stack Stack-Based memory corruption
2932| [68188] Microsoft Word 2007 File memory corruption
2933| [68187] Microsoft Word 2007 File memory corruption
2934| [68186] Microsoft Word 2007 File memory corruption
2935| [67829] Microsoft Office 2007/2010/2011 Object memory corruption
2936| [67825] Microsoft .NET Framework 2.0/3.5/3.5.1 ASLR privilege escalation
2937| [71337] Microsoft Office 2000/2004/XP memory corruption
2938| [67355] Microsoft OneNote 2007 File Processing privilege escalation
2939| [67354] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 SQL Master Data Services cross site scripting
2940| [67353] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 T-SQL Query Stack-Based memory corruption
2941| [67018] Microsoft Windows Server 2008/Server 2012/Server 2012 R2 Service Bus AMQP Message denial of service
2942| [13545] Microsoft Word 2007 Embedded Font memory corruption
2943| [13397] Microsoft Windows 2000/Server 2003/XP DHCP Response DHCP ACK spoofing
2944| [13462] Microsoft Visual Studio 2002/2003/2005/2010 Debug Interface msdia.dll PDB File memory corruption
2945| [13229] Microsoft Office 2007/2010/2013 Common Control Library MSCOMCTL.OCX privilege escalation
2946| [13227] Microsoft Office 2007/2010/2013 Chinese Grammar Checker Library privilege escalation
2947| [13226] Microsoft SharePoint Server 2007/2010/2013 Page memory corruption
2948| [13225] Microsoft SharePoint Server 2007/2010/2013 cross site scripting
2949| [13224] Microsoft SharePoint Server 2007/2010/2013 Page memory corruption
2950| [12859] Microsoft Word 2003 Office Document Stack-Based memory corruption
2951| [12852] Microsoft Publisher 2003/2007 Publisher File pubconv.dll memory corruption
2952| [12845] Microsoft Word 2003 Office File Stack-Based memory corruption
2953| [12844] Microsoft Word 2007/2010 Office File memory corruption
2954| [12843] Microsoft Office 2007/2010/2011/2013 XML Parser Nested Entities Memory Consumption denial of service
2955| [12687] Microsoft Word/Office/Outlook 2003/2007/2010/2013 RTF Document memory corruption
2956| [12530] Microsoft Windows Server 2003/Server 2008/Server 2012/Vista/XP Security Account Manager Lockout privilege escalation
2957| [12266] Microsoft .NET Framework 2.0 SP2/3.5.1 ASLR Bypass privilege escalation
2958| [12070] Apple Pages 2.0/2.0.1/2.0.2/5.0/5.0.1 on Mac Microsoft Word Document memory corruption
2959| [11950] Microsoft Office Compability Pack/Word 2007 SP3 File memory corruption
2960| [11949] Microsoft Word Viewer/Office Compatibility Pack/Word 2003 SP3/2007 SP3 File memory corruption
2961| [11494] Microsoft .NET Framework 2.0 SP2/3.5.1/4/4.5/4.5.1 MAC Authentication privilege escalation
2962| [11448] Microsoft Office 2007/2010 Address Space Layout Randomization privilege escalation
2963| [11148] Microsoft Office 2003/2007 WordPerfect Document epsimp32.flt memory corruption
2964| [11146] Microsoft Office 2003/2007 epsimp32.flt memory corruption
2965| [11230] Microsoft Word 2003 DOC Document Embedded Image denial of service
2966| [11081] Microsoft Windows Server 2008/Vista TIFF Image memory corruption
2967| [10648] Microsoft Word 2007 Word File memory corruption
2968| [10647] Microsoft Word 2003 Word File memory corruption
2969| [10643] Microsoft SharePoint Server 2007/2010/2013 Input Sanitizer memory corruption
2970| [10642] Microsoft SharePoint Server 2007/2010 Content Display in Frames privilege escalation
2971| [10247] Microsoft SharePoint Server 2007/2010/2013 Online Cloud cross site scripting
2972| [10245] Microsoft Office 2003/2007/2010 Word File memory corruption
2973| [10244] Microsoft Office 2003 SP3 Word File memory corruption
2974| [10243] Microsoft Office 2003/2007 Word File memory corruption
2975| [10242] Microsoft Office 2007 Word File memory corruption
2976| [10241] Microsoft Office 2007 Word File memory corruption
2977| [10240] Microsoft Office 2003/2007/2010 Word File memory corruption
2978| [10239] Microsoft Office 2003/2007 Word File memory corruption
2979| [10238] Microsoft Excel 2003/2007 XML External Entity Data information disclosure
2980| [10237] Microsoft Excel 2003/2007/2010 XML External Entity Data information disclosure
2981| [10236] Microsoft Word/Office 2003/2007 XML External Entity Data information disclosure
2982| [10234] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
2983| [10232] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
2984| [10231] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
2985| [10230] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
2986| [10229] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
2987| [10228] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
2988| [10227] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
2989| [10192] Microsoft Windows 7/2000/Server 2003 SP2/Vista/XP SP3 Windows Theme File privilege escalation
2990| [10191] Microsoft Windows Server 2003/XP OLE Object privilege escalation
2991| [10190] Microsoft Windows 7/8/Server 2008/Vista Active Directory denial of service
2992| [10189] Microsoft Outlook 2007/2010 S/MIME privilege escalation
2993| [9941] Microsoft Windows Server 2003/XP Unicode Scripts Processor USP10.DLL Uniscribe Font memory corruption
2994| [9929] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services Unspecified Account information disclosure
2995| [9715] Microsoft PowerPoint 2007 DirectShow Runtime quartz.dll GetMaxSampleSize denial of service
2996| [9397] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Array privilege escalation
2997| [9394] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 on 64-bit Array memory corruption
2998| [9393] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Permission privilege escalation
2999| [8738] Microsoft Visio 2003 SP3/2007 SP3/2010 SP1 XML Parser File information disclosure
3000| [8737] Microsoft Word 2003 SP3 Shape Data Parser File memory corruption
3001| [8736] Microsoft Publisher 2003 SP3 PUB File memory corruption
3002| [8735] Microsoft Publisher 2003 SP3/2007 SP3/2010 SP1 PUB File memory corruption
3003| [8734] Microsoft Publisher 2003 SP3 PUB File memory corruption
3004| [8733] Microsoft Publisher 2003 SP3 PUB File memory corruption
3005| [8732] Microsoft Publisher 2003 SP3 PUB File memory corruption
3006| [8731] Microsoft Publisher 2003 SP3 PUB File memory corruption
3007| [8730] Microsoft Publisher 2003 SP3 PUB File memory corruption
3008| [8729] Microsoft Publisher 2003 SP3 PUB File memory corruption
3009| [8728] Microsoft Publisher 2003 SP3 PUB File memory corruption
3010| [8727] Microsoft Publisher 2003 SP3 PUB File memory corruption
3011| [8726] Microsoft Publisher 2003 PUB File Eingabe memory corruption
3012| [8723] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 XML File spoofing
3013| [7643] Microsoft Windows Server 2008 R2/Server 2012 NFS Server NULL Pointer Dereference denial of service
3014| [7642] Microsoft Exchange 2007/2010 Outlook Web Access vspdx.dll) privilege escalation
3015| [7641] Microsoft Windows Server 2003/Server 2008/Vista/XP DirectShow Quartz.dll memory corruption
3016| [8589] Microsoft System Center Operations Manager 2007 R2/2007 SP1 ViewTypeManager.aspx cross site scripting
3017| [7252] Microsoft System Center Operations Manager 2007 ExecuteTask.aspx cross site scripting
3018| [7251] Microsoft System Center Operations Manager 2007 cross site scripting
3019| [7248] Microsoft Windows 7/Server 2008 R2 Print Spooler privilege escalation
3020| [7121] Microsoft Exchange 2007/2010 RSS Feed denial of service
3021| [7118] Microsoft Windows Server 2008 R2/Server 2012 IP-HTTPS unknown vulnerability
3022| [62914] Microsoft Office 2003 SP3/2007 SP3/2008/2010 SP1/2011 Spreadsheet Use-After-Free memory corruption
3023| [7058] Microsoft Windows 7/Server 2008 R2 DHCPv6 Message denial of service
3024| [6935] Microsoft Office Excel 2003/2007/2010 Input Sanitizer File Stack-based memory corruption
3025| [6934] Microsoft Office Excel 2003/2007/2010 Input Sanitizer memory corruption
3026| [6933] Microsoft Office Excel 2003/2007/2010 SerAuxErrBar File memory corruption
3027| [6929] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Web Proxy Setting Auto-Discovery memory corruption
3028| [6927] Microsoft .NET Framework 2.0 SP2/3.5.1 Trusted Code Function information disclosure
3029| [6918] Microsoft Excel 2007 SP2 Input Sanitizer File memory corruption
3030| [6830] Microsoft Word 2007/2010 File memory corruption
3031| [6819] Microsoft Excel 2007 File memory corruption
3032| [6627] Microsoft Windows 7/Server 2008 R2 Kerberos denial of service
3033| [6626] Microsoft SharePoint/Lync/Infopath 2007/2010 HTML Sanitization cross site scripting
3034| [6621] Microsoft Word 2007 PAPX memory corruption
3035| [62239] Microsoft Systems Management Server 2003 Configuration Manager Reflected cross site scripting
3036| [5945] Microsoft Office 2007/2010 Computer Graphics Metafile memory corruption
3037| [5939] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Print Spooler Service memory corruption
3038| [5938] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Remote Administration Protocol netapi32.dll RAP Request denial of service
3039| [5933] Microsoft SQL Server 2000/2005/2008/2008 R2 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
3040| [5932] Microsoft Office 2003/2007/2010 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
3041| [5654] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP information disclosure
3042| [5653] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
3043| [5652] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
3044| [5650] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
3045| [5649] Microsoft Office 2003/2007/2010 libraries memory corruption
3046| [5645] Microsoft SharePoint 2007/2010/3.0 Reflected cross site scripting
3047| [5643] Microsoft SharePoint 2007/2010 information disclosure
3048| [5642] Microsoft SharePoint 2007 cross site request forgery
3049| [5553] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Font atmfd.dll denial of service
3050| [5524] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
3051| [5518] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 memory corruption
3052| [5362] Microsoft Office 2003/2007 GDI+ memory corruption
3053| [5291] Microsoft Visual Studio 2008 Incremental Linker link.exe ConvertRgImgSymToRgImgSymEx memory corruption
3054| [5268] Microsoft Office 2008 on Mac RTF Pfragment File memory corruption
3055| [5080] Microsoft SQL Server 2005/2008/2008R2 CREATE DATABASE sql injection
3056| [5050] Microsoft Office 2007 WPS Converter Heap-based memory corruption
3057| [5049] Microsoft SQL Server 2000/2005/2008 MSCOMCTL.OCX privilege escalation
3058| [5048] Microsoft Office 2003/2007/2010 MSCOMCTL.OCX privilege escalation
3059| [5046] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Windows Authenticode Signature Verification WinVerifyTrust Signature privilege escalation
3060| [4803] Microsoft Windows Server 2003/Server 2008 DNS Server Domain Resource Record Query Parser denial of service
3061| [4802] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Protocol denial of service
3062| [4798] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Service memory corruption
3063| [60205] Microsoft .NET Framework 2.0 SP2/3.5.1 Heap-based memory corruption
3064| [4642] Microsoft .NET Framework 2.0 SP2/3.5.1/4 XAML Browser Application memory corruption
3065| [60065] Microsoft Windows 2000 mod_sql unknown vulnerability
3066| [4535] Microsoft Windows Server 2003/XP Object Packager packager.exe privilege escalation
3067| [4534] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Line21 DirectShow Filter Quartz.dll/Qdvd.dll Media File memory corruption
3068| [4533] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Multimedia Library winmm.dll MIDI File memory corruption
3069| [4507] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 Forms Authentication privilege escalation
3070| [59666] Microsoft Publisher 2003/2007 "Publisher memory corruption
3071| [4482] Microsoft Word 2007/2010/2011 Document Parser memory corruption
3072| [4480] Microsoft Excel 2003 memory corruption
3073| [4478] Microsoft Windows Server 2003/XP OLE Objects Memory Management memory corruption
3074| [4477] Microsoft PowerPoint 2007 SP2/2008 OfficeArt Use-After-Free memory corruption
3075| [4474] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Active Directory Query memory corruption
3076| [4473] Microsoft PowerPoint 2007 SP2/2010 DLL-Loader memory corruption
3077| [4471] Microsoft Office 2003/2007 Publisher Out-of-Bounds memory corruption
3078| [4470] Microsoft Office 2003 SP3 memory corruption
3079| [4453] Microsoft Excel 2003 Record Parser memory corruption
3080| [4446] Microsoft Office 2007/2008 OfficeArt Record Parser memory corruption
3081| [4445] Microsoft Office 2007/2010/2011 Word Document Parser memory corruption
3082| [4438] Microsoft Windows 7/Server 2008/Vista TCP/IP Reference Counter denial of service
3083| [5358] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP TrueType Font Handling memory corruption
3084| [59005] Microsoft Host Integration Server 2004 denial of service
3085| [58492] Microsoft SharePoint Server 2007 Spreadsheet memory corruption
3086| [58491] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
3087| [58490] Microsoft Office Compatibility Pack 2007 Spreadsheet memory corruption
3088| [58489] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
3089| [58488] Microsoft Office 2007/2010 memory corruption
3090| [4412] Microsoft Office 2003/2007 Library Loader unknown vulnerability
3091| [4411] Microsoft Excel 2003 memory corruption
3092| [4409] Microsoft Windows Server 2003/Server 2008 WINS unknown vulnerability
3093| [58240] Microsoft Visio 2003/2007 memory corruption
3094| [58237] Microsoft Visio 2003/2007/2010 memory corruption
3095| [4396] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
3096| [4393] Microsoft Windows Server 2008 DNS Service memory corruption
3097| [4391] Microsoft .NET Framework 2.0 SP2/3.5.1/4 Socket Restriction privilege escalation
3098| [4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
3099| [4388] Microsoft Windows 7/Server 2008/Vista File Metadata Parser denial of service
3100| [57691] Microsoft SQL Server 2008 Web Service information disclosure
3101| [57690] Microsoft Excel 2002/2003 Spreadsheet memory corruption
3102| [57689] Microsoft Excel 2002 Spreadsheet memory corruption
3103| [57688] Microsoft Excel 2002 Spreadsheet memory corruption
3104| [57687] Microsoft Excel 2002/2003/2007 Spreadsheet memory corruption
3105| [57686] Microsoft Excel 2002 Spreadsheet memory corruption
3106| [57685] Microsoft Excel 2002/2003/2007 Array Access memory corruption
3107| [57684] Microsoft Excel 2002/2003/2007/2010 Spreadsheet memory corruption
3108| [4369] Microsoft Excel 2002/2003/2007 memory corruption
3109| [4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
3110| [4362] Microsoft Windows 7/Server 2008/Vista denial of service
3111| [57420] Microsoft PowerPoint 2002/2003 memory corruption
3112| [4349] Microsoft Office 2004/2007/2008 Presentation File Parser memory corruption
3113| [4348] Microsoft PowerPoint 2002/2003/2007 memory corruption
3114| [57077] Microsoft Excel 2002 Uninitialized Memory memory corruption
3115| [57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability
3116| [57079] Microsoft PowerPoint 2002/2003/2007/2010 memory corruption
3117| [57076] Microsoft Excel 2002/2003 memory corruption
3118| [57075] Microsoft Excel 2002/2003 memory corruption
3119| [57074] Microsoft Excel 2002 memory corruption
3120| [57073] Microsoft Excel 2002/2003/2007/2010 memory corruption
3121| [4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler memory corruption
3122| [4332] Microsoft PowerPoint 2007/2010 memory corruption
3123| [4301] Microsoft Windows Server 2003 SMB Browser Heap-based denial of service
3124| [56475] Microsoft Office 2004/2008 memory corruption
3125| [56414] Microsoft Visio 2002/2003/2007 ELEMENTS.DLL memory corruption
3126| [56413] Microsoft Visio 2002/2003/2007 Exception ORMELEMS.DLL memory corruption
3127| [4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
3128| [4297] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Compact Font Format Driver privilege escalation
3129| [4296] Microsoft Windows Server 2003/XP LSASS Authentication Request unknown vulnerability
3130| [4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
3131| [4294] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys unknown vulnerability
3132| [4293] Microsoft Windows Server 2003/XP Kerberos CRC32 Checksum privilege escalation
3133| [4292] Microsoft Windows Server 2003/XP CSRSS Logoff privilege escalation
3134| [4289] Microsoft Excel 2007 Shape Data Parser memory corruption
3135| [4286] Microsoft PowerPoint 2002 SP3/2003 SP3/2004/2007 SP2/2008 OfficeArt Container Parser memory corruption
3136| [4279] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP MHTML cross site scripting
3137| [56176] Microsoft Windows 7/Server 2003/XP fxscover.exe CDrawPoly::Serialize memory corruption
3138| [55772] Microsoft Publisher 2002 pubconv.dll memory corruption
3139| [55771] Microsoft Publisher 2002/2003/2010 memory corruption
3140| [55765] Microsoft Office 2003/Xp Integer memory corruption
3141| [55764] Microsoft Office 2003/Xp memory corruption
3142| [55750] Microsoft Publisher 2002/2003 pubconv.dll memory corruption
3143| [55749] Microsoft Publisher 2002/2003/2007/2010 pubconv.dll memory corruption
3144| [55748] Microsoft Publisher 2002/2003/2007 pubconv.dll memory corruption
3145| [4230] Microsoft Exchange 2007 on 64-bit RPC store.exe MAPI Request denial of service
3146| [4229] Microsoft SharePoint 2007 Document Conversion Launcher Service Eingabeungültigkeit
3147| [4228] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
3148| [4224] Microsoft Windows 7/Server 2008/Vista Consent User Interface privilege escalation
3149| [4231] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys GreEnableEUDC denial of service
3150| [55420] Microsoft Office 2007/2010 memory corruption
3151| [55419] Microsoft Office 2004/2008/2011/Xp memory corruption
3152| [55412] Microsoft PowerPoint Viewer 2007 memory corruption
3153| [55411] Microsoft PowerPoint 2002/2003 memory corruption
3154| [4204] Microsoft Windows Server 2008 Color Control Panel Eingabeungültigkeit
3155| [54995] Microsoft Office 2004/2008 memory corruption
3156| [54994] Microsoft Office 2004/2008 Out-of-Bounds memory corruption
3157| [54993] Microsoft Office Compatibility Pack 2007 memory corruption
3158| [54992] Microsoft Excel 2002 memory corruption
3159| [54991] Microsoft Office 2004 Future memory corruption
3160| [54990] Microsoft Office 2004 memory corruption
3161| [54989] Microsoft Office 2004/2008 memory corruption
3162| [54988] Microsoft Excel 2002 memory corruption
3163| [54987] Microsoft Excel 2002 memory corruption
3164| [54986] Microsoft Excel 2002/2003 memory corruption
3165| [54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 memory corruption
3166| [54984] Microsoft Office 2004/2008 memory corruption
3167| [54983] Microsoft Excel 2002 Integer memory corruption
3168| [54980] Microsoft Word 2002/2003 memory corruption
3169| [54979] Microsoft Word 2002 memory corruption
3170| [54978] Microsoft Word 2002 memory corruption
3171| [54977] Microsoft Word 2002 Heap-based memory corruption
3172| [54976] Microsoft Word 2002 memory corruption
3173| [54975] Microsoft Word 2002 memory corruption
3174| [54974] Microsoft Word 2002 memory corruption
3175| [54973] Microsoft Word 2002 memory corruption
3176| [54972] Microsoft Word 2002 memory corruption
3177| [54971] Microsoft Word 2002 memory corruption
3178| [4197] Microsoft SharePoint 2007/3.0 cross site scripting
3179| [4196] Microsoft Word 2002/2003/2007/2010 Stack-based memory corruption
3180| [4194] Microsoft Windows 7/Server 2008/Vista SChannel Client Certificate Request denial of service
3181| [54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service
3182| [54757] Microsoft SharePoint Server 2007 HTML Sanitization SafeHTML cross site scripting
3183| [4186] Microsoft Outlook 2002/2003/2007 Content Parser Heap-based memory corruption
3184| [54584] Microsoft Visual C++ 2005 AtlTraceTool8.exe unknown vulnerability
3185| [54554] Microsoft Groove 2007 mso.dll memory corruption
3186| [4187] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack Ipv4SetEchoRequestCreate denial of service
3187| [54322] Microsoft Word 2002/2003 memory corruption
3188| [54321] Microsoft Office Compatibility Pack 2007 memory corruption
3189| [54320] Microsoft Office Compatibility Pack 2007 memory corruption
3190| [54319] Microsoft Office Compatibility Pack 2007 memory corruption
3191| [54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces memory corruption
3192| [4165] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
3193| [4162] Microsoft Windows 7/Server 2008/Vista Kernel memory corruption
3194| [4159] Microsoft Excel 2002/2003 SXDB PivotTable Cache Data Record memory corruption
3195| [4149] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Shell Shortcut Parser memory corruption
3196| [54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll memory corruption
3197| [4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD memory corruption
3198| [4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll memory corruption
3199| [54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
3200| [4151] Microsoft Windows Server 2008/Vista NtUserCheckAccessForIntegrityLevel memory corruption
3201| [53591] Microsoft Windows Server 2003 GetServerName cross site scripting
3202| [53505] Microsoft Excel 2002/2007 memory corruption
3203| [53501] Microsoft Excel 2002 memory corruption
3204| [53500] Microsoft Excel 2002 memory corruption
3205| [53499] Microsoft Excel 2002 memory corruption
3206| [53495] Microsoft Excel 2002/2003/2007 memory corruption
3207| [53494] Microsoft Excel 2002 Stack-based memory corruption
3208| [53504] Microsoft Excel 2002 memory corruption
3209| [53503] Microsoft Excel 2002 Stack-Based memory corruption
3210| [53502] Microsoft Excel 2002 Heap-based memory corruption
3211| [53498] Microsoft Excel 2002 Stack-based memory corruption
3212| [53497] Microsoft Excel 2002 memory corruption
3213| [53496] Microsoft Excel 2002 memory corruption
3214| [53493] Microsoft Excel 2002/2003/2007 memory corruption
3215| [4133] Microsoft Office 2003/2007/Xp COM Object Instantiator memory corruption
3216| [53366] Microsoft ASP.NET 2.0 cross site scripting
3217| [53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
3218| [53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL memory corruption
3219| [53054] Microsoft VISIO 2002/2003/2007 VISIODWG.DLL memory corruption
3220| [4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
3221| [52777] Microsoft Publisher 2002/2003/2007 memory corruption
3222| [52773] Microsoft Visio 2002/2003/2007 memory corruption
3223| [52772] Microsoft Visio 2002/2003/2007 memory corruption
3224| [4107] Microsoft Windows 7/Server 2008 Kernel denial of service
3225| [4103] Microsoft Windows Server 2003 Media Services Stack-based memory corruption
3226| [52543] Microsoft Virtual PC 2007 unknown vulnerability
3227| [52148] Microsoft Office 2004/2007/2008 Uninitialized Memory memory corruption
3228| [52147] Microsoft Office 2004/2007/2008 Spreadsheet Uninitialized Memory memory corruption
3229| [52146] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
3230| [52145] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
3231| [52144] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
3232| [52143] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
3233| [4090] Microsoft Excel 2002/2003/2007 memory corruption
3234| [52036] Microsoft Windows 2000 MsgBox memory corruption
3235| [51995] Microsoft SharePoint Server up to 2006 cross site scripting
3236| [51810] Microsoft Office 2004/Xp MSO.DLL memory corruption
3237| [51802] Microsoft PowerPoint 2003 Stack-based memory corruption
3238| [51801] Microsoft PowerPoint 2003 Stack-based memory corruption
3239| [51800] Microsoft PowerPoint 2002/2003 Use-After-Free memory corruption
3240| [51799] Microsoft PowerPoint 2002/2003 memory corruption
3241| [51798] Microsoft PowerPoint 2002/2003 Heap-based memory corruption
3242| [4082] Microsoft PowerPoint 2002 SP3 memory corruption
3243| [54550] Microsoft PowerPoint 2007 rpawinet.dll memory corruption
3244| [54556] Microsoft Visio 2003 mfc71enu.dll unknown vulnerability
3245| [51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
3246| [51133] Microsoft Windows 2000 SP4/Server 2003 SP2/SP3/XP SP2 memory corruption
3247| [51074] Microsoft Office 2002/2003 Integer memory corruption
3248| [4069] Microsoft Project 2003/2007 Project Memory Validator memory corruption
3249| [50794] Microsoft Office 2004/2008 Spreadsheet memory corruption
3250| [50793] Microsoft Office 2004/2008 Spreadsheet memory corruption
3251| [50792] Microsoft Office 2004/2008 Spreadsheet memory corruption
3252| [50791] Microsoft Office 2004/2008 Spreadsheet memory corruption
3253| [50790] Microsoft Office 2004/2008 Spreadsheet Heap-based memory corruption
3254| [50788] Microsoft Office 2004/2008 Spreadsheet memory corruption
3255| [50787] Microsoft Office 2004/2008 Spreadsheet memory corruption
3256| [50786] Microsoft Windows 2000 llssrv.exe memory corruption
3257| [50789] Microsoft Office 2004/2008 Spreadsheet memory corruption
3258| [4056] Microsoft Word 2002/2003 File Information Block Parser Stack-based memory corruption
3259| [50660] Microsoft SharePoint Server 2007 unknown vulnerability
3260| [50443] Microsoft PowerPoint 2007 Integer memory corruption
3261| [50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 memory corruption
3262| [49866] Microsoft Windows Server 2003 memory corruption
3263| [4031] Microsoft Windows Server 2008/Vista SMB Processor EducatedScholar memory corruption
3264| [4030] Microsoft Windows Server 2008/Vista Wireless LAN AutoConfig Service Heap-based memory corruption
3265| [4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
3266| [49745] Microsoft Windows Server 2003 denial of service
3267| [49395] Microsoft Office 2000/2003/XP Office Web Components Heap-based memory corruption
3268| [49394] Microsoft Windows Server 2003 memory corruption
3269| [49389] Microsoft Office 2000/2003/XP Office Web Components memory corruption
3270| [49390] Microsoft Office 2000/2003/XP Office Web Components memory corruption
3271| [49198] Microsoft Visual Studio 2005 information disclosure
3272| [49047] Microsoft Virtual Server 2005 privilege escalation
3273| [49046] Microsoft Windows Server 2003 quartz.dll memory corruption
3274| [49045] Microsoft Windows Server 2003 quartz.dll memory corruption
3275| [49044] Microsoft ISA Server 2006 privilege escalation
3276| [3999] Microsoft Office 2007 Pointer memory corruption
3277| [4000] Microsoft Office 2003/Sp3/Xp Web Components memory corruption
3278| [48894] Microsoft Windows Server 2003 msvidctl.dll memory corruption
3279| [48572] Microsoft PowerPoint 2002 FL21WIN.DLL memory corruption
3280| [48517] Microsoft Windows 2000 Memory Leak memory corruption
3281| [48516] Microsoft Windows Server 2008 unknown vulnerability
3282| [48512] Microsoft Windows Server 2008 unknown vulnerability
3283| [48515] Microsoft Office Word Viewer 2003 memory corruption
3284| [48514] Microsoft Office Word Viewer 2003 Stack-based memory corruption
3285| [48554] Microsoft Excel 2000/2003/2007 memory corruption
3286| [48157] Microsoft PowerPoint 2002 Sound memory corruption
3287| [48156] Microsoft PowerPoint 2000 Stack-based memory corruption
3288| [48154] Microsoft PowerPoint 2002 Sound PP7X32.DLL memory corruption
3289| [48152] Microsoft PowerPoint 2002 PP4X32.DLL memory corruption
3290| [48150] Microsoft PowerPoint 2002 Sound memory corruption
3291| [48147] Microsoft PowerPoint 2002 Sound memory corruption
3292| [48146] Microsoft PowerPoint 2002 Integer memory corruption
3293| [48155] Microsoft PowerPoint 2002 Notes Container Heap-based memory corruption
3294| [48153] Microsoft PowerPoint 2002 Sound memory corruption
3295| [48151] Microsoft PowerPoint 2002 Stack-based memory corruption
3296| [48149] Microsoft PowerPoint 2002 memory corruption
3297| [48148] Microsoft PowerPoint 2002 Sound memory corruption
3298| [3974] Microsoft PowerPoint 2000/2002/2003 Sound Data Stack-based memory corruption
3299| [3973] Microsoft PowerPoint 2000/2002/2003 Notes Container Stack-based memory corruption
3300| [3972] Microsoft PowerPoint 2000/2002/2003 BuildList memory corruption
3301| [3971] Microsoft PowerPoint 2000/2002/2003 Object Stack-based memory corruption
3302| [3970] Microsoft PowerPoint 2000/2002/2003 Paragraph Stack-based memory corruption
3303| [3969] Microsoft PowerPoint 2000/2002/2003 Atom Stack-based memory corruption
3304| [47719] Microsoft Windows 2000 Stack-based memory corruption
3305| [47720] Microsoft Internet Security And Acceleration Server 2006 Forms Authentication cookieauth.dll cross site scripting
3306| [47716] Microsoft Office Converter Pack 2003 WPFT632.CNV memory corruption
3307| [47715] Microsoft Windows 2000 Wordpad memory corruption
3308| [47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet memory corruption
3309| [3960] Microsoft Windows 2000/Server 2003/XP DirectShow MJPEG memory corruption
3310| [3952] Microsoft ISA Server 2004/2006 denial of service
3311| [3946] Microsoft PowerPoint 2000/2002/2003/2004 memory corruption
3312| [47091] Microsoft Windows Server 2008 unknown vulnerability
3313| [47090] Microsoft Windows Server 2008 unknown vulnerability
3314| [3939] Microsoft Windows 2000 DNS spoofing
3315| [3938] Microsoft Windows 2000 SSL weak authentication
3316| [3937] Microsoft Windows 2000 memory corruption
3317| [3932] Microsoft Excel 2000/2002/2003/2004/2007 Object Reference memory corruption
3318| [46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe denial of service
3319| [46455] Microsoft Exchange Server 2007 denial of service
3320| [46454] Microsoft Exchange Server 2007 memory corruption
3321| [46453] Microsoft Visio 2002/2003/2007 memory corruption
3322| [46452] Microsoft Visio 2002/2003/2007 memory corruption
3323| [46451] Microsoft Visio 2002/2003/2007 memory corruption
3324| [46327] Microsoft Word 2007 information disclosure
3325| [45758] Microsoft Money 2006 ActiveX Control prtstb06.dll denial of service
3326| [45381] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
3327| [45380] Microsoft Windows Server 2008/Vista SP1 Search memory corruption
3328| [45379] Microsoft Office SharePoint Server 2007 denial of service
3329| [3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
3330| [3892] Microsoft Excel 2000/2002/2003 Formula memory corruption
3331| [3891] Microsoft Excel 2000/2002/2003 memory corruption
3332| [3890] Microsoft Excel 2000/2002/2003 NAME Index memory corruption
3333| [3889] Microsoft Word 2000/2002/2003/2007 Table Property Stack-based memory corruption
3334| [3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet memory corruption
3335| [3887] Microsoft Word 2000/2002/2003/2007 memory corruption
3336| [3886] Microsoft Word 2000/2002/2003/2007 ControlWord Heap-based memory corruption
3337| [3885] Microsoft Word 2000/2002/2003/2007 memory corruption
3338| [3884] Microsoft Word 2000/2002/2003/2007 memory corruption
3339| [3883] Microsoft Word 2000/2002/2003/2007 RTF Heap-based memory corruption
3340| [3882] Microsoft Word 2000/2002/2003/2007 LFO memory corruption
3341| [3880] Microsoft Visual Basic up to 2003 ActiveX Control Mschrt20.ocx memory corruption
3342| [3879] Microsoft Visual Basic up to 2003 ActiveX Control mscomct2.ocx memory corruption
3343| [3878] Microsoft Visual Basic up to 2003 ActiveX Control mshflxgd.ocx memory corruption
3344| [3877] Microsoft Visual Basic up to 2003 ActiveX Control msflxgrd.ocx memory corruption
3345| [3876] Microsoft Visual Basic up to 2003 ActiveX Control msdatgrd.ocx memory corruption
3346| [45197] Microsoft Windows 2000 nskey.dll memory corruption
3347| [45063] Microsoft Windows Server 2003 Active Directory unknown vulnerability
3348| [45040] Microsoft .NET Framework 2.0.50727 Code Access Security unknown vulnerability
3349| [44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption
3350| [44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
3351| [44589] Microsoft Exchange Server 2003 Outlook Web Access unknown vulnerability
3352| [3845] Microsoft Windows 2000 SP4 Active Directory memory corruption
3353| [44533] Microsoft Windows 2000 mqsvc.exe memory corruption
3354| [3844] Microsoft Excel 2003 REPT memory corruption
3355| [3843] Microsoft Excel up to 2007 BIFF File Heap-based memory corruption
3356| [3842] Microsoft Excel 2003 VBA Performance Cache Stack-based memory corruption
3357| [44405] Microsoft Digital Image 2006 ActiveX Control PipPPush.DLL unknown vulnerability
3358| [44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption
3359| [43981] Microsoft Organization Chart 2.00 orgchart.exe memory corruption
3360| [43957] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
3361| [43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
3362| [43955] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
3363| [43952] Microsoft Office 2003/2007/Xp URI memory corruption
3364| [43676] Microsoft Windows 2000/Server 2003/Vista/XP memory corruption
3365| [43675] Microsoft Windows 2000/Server 2003/Vista/XP of memory corruption
3366| [43662] Microsoft PowerPoint Viewer 2000 SP3/2002 SP3/2003 SP2/2007 SP1 memory corruption
3367| [43661] Microsoft PowerPoint Viewer 2003 memory corruption
3368| [43660] Microsoft PowerPoint Viewer 2003 Integer memory corruption
3369| [43657] Microsoft Office 2000/2003/Xp memory corruption
3370| [43654] Microsoft SharePoint Server 2007 memory corruption
3371| [43653] Microsoft Office 2000/2002/2004/2008 memory corruption
3372| [43652] Microsoft Office 2000/2002/2003/2004/2008 memory corruption
3373| [3797] Microsoft Windows Server 2008/Vista IPsec Policy Designfehler
3374| [3796] Microsoft Office 2000 WPG memory corruption
3375| [3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT memory corruption
3376| [3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel memory corruption
3377| [3793] Microsoft Office 2000/2003/Xp PICT memory corruption
3378| [3792] Microsoft Office 2000 EPS File memory corruption
3379| [3783] Microsoft Word 2002 memory corruption
3380| [43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
3381| [43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS Cache privilege escalation
3382| [3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
3383| [3777] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
3384| [43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx memory corruption
3385| [43096] Microsoft Publisher 2003/2007 Crypto API unknown vulnerability
3386| [42816] Microsoft Word 2000/2003 memory corruption
3387| [42732] Microsoft Windows Server 2003/Vista/XP denial of service
3388| [42731] Microsoft Windows Server 2003 denial of service
3389| [3732] Microsoft Windows 2000/Server 2003 WINS memory corruption
3390| [3701] Microsoft Word 2003 CSS Heap-based memory corruption
3391| [3700] Microsoft Word 2003 RTF Document Heap-based memory corruption
3392| [42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting
3393| [41881] Microsoft Office 2003/2007/2007 Sp1/Xp memory corruption
3394| [41880] Microsoft Project 2000/2002/2003 memory corruption
3395| [41879] Microsoft Windows 2000/Server 2003/Vista Stack-based memory corruption
3396| [41878] Microsoft Windows 2000/Server 2003/Vista spoofing
3397| [41877] Microsoft Windows Server 2003 vbscript.dll memory corruption
3398| [3671] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 memory corruption
3399| [3670] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 Object memory corruption
3400| [41455] Microsoft Office 2000/2003/2004/Xp memory corruption
3401| [41454] Microsoft Excel 2000/2002/2003/2007 memory corruption
3402| [41453] Microsoft Excel 2000/2002/2003 memory corruption
3403| [41452] Microsoft Excel 2000/2002/2003/2007 memory corruption
3404| [41451] Microsoft Excel 2000/2002/2003 memory corruption
3405| [41450] Microsoft Excel 2000 memory corruption
3406| [41449] Microsoft Excel 2000/2002/2003 memory corruption
3407| [41448] Microsoft Office 2000/Xp Office Web Components memory corruption
3408| [3648] Microsoft Excel 2003 memory corruption
3409| [3647] Microsoft Outlook up to 2007 mailto URI memory corruption
3410| [41003] Microsoft Office 2000/2003/2004/Xp memory corruption
3411| [41002] Microsoft Office 2000/2003/Xp memory corruption
3412| [41001] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
3413| [41000] Microsoft Works 2005/8.0 memory corruption
3414| [40998] Microsoft Publisher 2000/2002/2003 memory corruption
3415| [40994] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
3416| [40987] Microsoft Windows 2000 denial of service
3417| [40736] Microsoft ActiveX 2.0 ActiveX Control privilege escalation
3418| [3552] Microsoft Excel 2000/2002/2003 File memory corruption
3419| [40242] Microsoft Publisher 2000/2002/2003/2007 Crash denial of service
3420| [40020] Microsoft Office 2007 ZIP Container unknown vulnerability
3421| [39769] Microsoft Windows 2000 cryptgenrandom weak encryption
3422| [39749] Microsoft Windows 2000 msjet40.dll memory corruption
3423| [39655] Microsoft Windows Server 2003 spoofing
3424| [39324] Microsoft Windows Mobile 2005 SMS unknown vulnerability
3425| [3373] Microsoft Word 2000/2002 memory corruption
3426| [38999] Microsoft Windows Server 2003 explorer.exe denial of service
3427| [38899] Microsoft ISA Server 2004 information disclosure
3428| [38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption
3429| [38326] Microsoft Windows 2000 attemptwrite memory corruption
3430| [3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
3431| [3223] Microsoft Windows Server 2003/XP URI privilege escalation
3432| [3212] Microsoft DirectX February 2006 RLE Compression Targa Files Heap-based memory corruption
3433| [37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption
3434| [37738] Microsoft Office 2002/2003 memory corruption
3435| [3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
3436| [3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
3437| [3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
3438| [3172] Microsoft Office Publisher 2007 Pointer memory corruption
3439| [37566] Microsoft Excel 2003 unknown vulnerability
3440| [37526] Microsoft Windows 2000/Server 2003 denial of service
3441| [37248] Microsoft Visio 2002 Packaging memory corruption
3442| [37251] Microsoft Windows 2000 memory corruption
3443| [3119] Microsoft Visio 2002 Object memory corruption
3444| [3118] Microsoft Visio 2002 Data memory corruption
3445| [37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
3446| [37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption
3447| [36628] Microsoft Word 2000/2002/2003/2004 winword.exe memory corruption
3448| [36616] Microsoft Works 2004/2005/2006 memory corruption
3449| [36621] Microsoft Exchange Server 2000 Integer denial of service
3450| [36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
3451| [36619] Microsoft Exchange Server 2000/2003/2007 MIME Email memory corruption
3452| [36618] Microsoft Exchange Server 2000 NULL Pointer Dereference denial of service
3453| [36617] Microsoft Excel 2000/2002/2003/2004 memory corruption
3454| [36623] Microsoft BizTalk Server 2004 ActiveX Control capicom.dll memory corruption
3455| [3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object memory corruption
3456| [3065] Microsoft Excel 2000/2002/2003/2007 Filter Stack-based memory corruption
3457| [3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
3458| [3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record Stack-based memory corruption
3459| [3012] Microsoft Windows 2000/Server 2003 DNS Service Stack-based memory corruption
3460| [36039] Microsoft Content Management Server 2001 memory corruption
3461| [36052] Microsoft Windows 2000 Heap-based memory corruption
3462| [36051] Microsoft Word 2007 file798-1.doc memory corruption
3463| [36050] Microsoft Word 2007 file789-1.doc memory corruption
3464| [36040] Microsoft Content Management Server 2001 cross site scripting
3465| [3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
3466| [36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting
3467| [36002] Microsoft Windows 2000/XP denial of service
3468| [2990] Microsoft Windows 2000/Vista/XP Animated Cursor Stack-based memory corruption
3469| [36515] Microsoft Windows 2000/Server 2003/XP memory corruption
3470| [35846] Microsoft Windows 2000/Server 2003 Default Configuration information disclosure
3471| [35373] Microsoft Excel 2003 denial of service
3472| [35372] Microsoft Office 2003 denial of service
3473| [35206] Microsoft Windows Server 2003/XP Crash denial of service
3474| [35161] Microsoft ISA Server 2004 unknown vulnerability
3475| [35236] Microsoft Publisher 2007 memory corruption
3476| [2939] Microsoft Word 2000 memory corruption
3477| [34994] Microsoft Windows 2000 OLE Dialog memory corruption
3478| [34993] Microsoft Office 2000/2003/Xp memory corruption
3479| [35001] Microsoft Office 2000/2003/2004/Xp memory corruption
3480| [35000] Microsoft Word 2000/2002/2003 memory corruption
3481| [2933] Microsoft Windows 2000 SP4/Server 2003 SP1/XP SP2 OLE Dialog Stack-based memory corruption
3482| [2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
3483| [2884] Microsoft Word 2000/2002/2003 memory corruption
3484| [34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet Heap-based memory corruption
3485| [34320] Microsoft Office 2000/2003/2004/Xp memory corruption
3486| [34319] Microsoft Office 2000/2003/2004/Xp memory corruption
3487| [34318] Microsoft Office 2000/2003/2004/Xp memory corruption
3488| [34322] Microsoft Office 2000/2003/Xp memory corruption
3489| [2811] Microsoft Windows 2000/Server 2003/XP VML Vector Markup Language Integer memory corruption
3490| [2810] Microsoft Outlook 2000/2002/2003 Office Saved Search OSS File memory corruption
3491| [2809] Microsoft Outlook 2000/2002/2003 Header denial of service
3492| [2808] Microsoft Outlook 2000/2002/2003 Meeting VEVENT memory corruption
3493| [2807] Microsoft Excel 2000/2002/2003 XLS File memory corruption
3494| [34126] Microsoft Office 2003 memory corruption
3495| [34122] Microsoft Office Web Components 2000 memory corruption
3496| [2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum denial of service
3497| [2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
3498| [33851] Microsoft Word 2000/2002/2003 12122006-djtest.doc memory corruption
3499| [2739] Microsoft Windows 2000 Remote Installation Service Fehlende Authentifizierung
3500| [2738] Microsoft Windows 2000/Server 2003/XP SNMP memory corruption
3501| [2737] Microsoft Windows Server 2003/XP Manifest denial of service
3502| [33766] Microsoft Word 2000/2002/2003 memory corruption
3503| [2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
3504| [2717] Microsoft Windows 2000 Print Spooler Memory Consumption denial of service
3505| [2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
3506| [2688] Microsoft Windows 2000/Server 2003/XP Client Service for Netware denial of service
3507| [2687] Microsoft Windows 2000/Server 2003/XP Agent ActiveX ACF File Heap-based memory corruption
3508| [2686] Microsoft Windows 2000/Server 2003/XP Client Service for Netware memory corruption
3509| [2684] Microsoft Windows 2000/XP Workstation Service Stack-based memory corruption
3510| [2659] Microsoft Windows 2000/XP GDI Crash memory corruption
3511| [2655] Microsoft Windows 2000/Server 2003/XP XML Core Services memory corruption
3512| [33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption
3513| [2610] Microsoft PowerPoint 2003 PPT Document NULL Pointer Dereference denial of service
3514| [32693] Microsoft Word 2004 memory corruption
3515| [32686] Microsoft Office 2000/2001/2003/2004 Integer memory corruption
3516| [32690] Microsoft Office 2000/2003/2004/Xp memory corruption
3517| [32676] Microsoft Office 2000/2001/2003/2004 memory corruption
3518| [32675] Microsoft Office 2000/2003/2004/Xp memory corruption
3519| [32694] Microsoft Windows 2000 memory corruption
3520| [32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
3521| [32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
3522| [32687] Microsoft Word 2000/2002 memory corruption
3523| [32685] Microsoft Office 2000/2001/2003/2004 memory corruption
3524| [2601] Microsoft Windows Server 2003/XP IPv6 Stack denial of service
3525| [2600] Microsoft Windows Server 2003/XP IPv6 Stack TCP denial of service
3526| [2599] Microsoft Windows Server 2003/XP IPv6 Stack ICMP denial of service
3527| [2598] Microsoft Windows Server 2003/XP Object Packager privilege escalation
3528| [2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
3529| [2596] Microsoft Office 2000/2003/2004/Xp Value Read memory corruption
3530| [2595] Microsoft Office 2000/2001/2003/2004 Diagram Value memory corruption
3531| [2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
3532| [2593] Microsoft ASP.NET 2.0 cross site scripting
3533| [141652] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
3534| [141639] Microsoft SharePoint Foundation 2013 SP1 cross site request forgery
3535| [141637] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
3536| [141636] Microsoft ASP.NET Core 2.1/2.2/3.0 Project Template privilege escalation
3537| [141635] Microsoft .NET Core 2.1/2.2 denial of service
3538| [141633] Microsoft Excel up to 2019 memory corruption
3539| [141631] Microsoft Windows up to Server 2019 SMB Client Driver information disclosure
3540| [141630] Microsoft Windows up to Server 2019 denial of service
3541| [141629] Microsoft Windows up to Server 2019 Update Delivery Optimization privilege escalation
3542| [141627] Microsoft Windows up to Server 2019 GDI information disclosure
3543| [141626] Microsoft Windows up to Server 2019 Win32k memory corruption
3544| [141621] Microsoft Windows up to Server 2019 Kernel information disclosure
3545| [141620] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
3546| [141619] Microsoft Windows up to Server 2019 ALPC privilege escalation
3547| [141618] Microsoft Windows up to Server 2019 hdAudio.sys privilege escalation
3548| [141617] Microsoft Windows up to Server 2019 Store Installer privilege escalation
3549| [141616] Microsoft Windows up to Server 2019 ALPC privilege escalation
3550| [141615] Microsoft Windows up to Server 2019 Winlogon privilege escalation
3551| [141614] Microsoft Windows up to Server 2019 Compatibility Appraiser privilege escalation
3552| [141611] Microsoft Office up to 2019 Security Feature privilege escalation
3553| [141610] Microsoft Excel up to 2019 information disclosure
3554| [141609] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
3555| [141608] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site request forgery
3556| [141607] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 privilege escalation
3557| [141606] Microsoft Windows up to Server 2019 Win32k memory corruption
3558| [141605] Microsoft Windows up to Server 2019 Hyper-V information disclosure
3559| [141604] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
3560| [141603] Microsoft Windows up to Server 2019 GDI information disclosure
3561| [141602] Microsoft Windows up to Server 2019 DirectWrite information disclosure
3562| [141601] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3563| [141600] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3564| [141599] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3565| [141598] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3566| [141597] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3567| [141596] Microsoft Windows up to Server 2019 DirectWrite information disclosure
3568| [141595] Microsoft Windows up to Server 2019 DirectWrite information disclosure
3569| [141594] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3570| [141593] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3571| [141592] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3572| [141591] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3573| [141590] Microsoft Windows up to Server 2019 Text Service Framework command injection
3574| [141589] Microsoft Exchange Server 2016 CU12/2016 CU13/2019 CU1/2019 CU2 denial of service
3575| [141583] Microsoft Lync Server 2013 Conference directory traversal
3576| [141581] Microsoft Windows up to Server 2016 Hyper-V denial of service
3577| [141580] Microsoft Windows up to Server 2019 Transaction Manager information disclosure
3578| [141579] Microsoft Windows up to Server 2016 DirectX information disclosure
3579| [141577] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
3580| [141575] Microsoft Windows up to Server 2019 lnk File privilege escalation
3581| [141564] Microsoft SharePoint Enterprise Server 2010 SP1/2013 SP1/2016/2019 Markup Application Package privilege escalation
3582| [141561] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
3583| [141560] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
3584| [139972] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
3585| [139971] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
3586| [139970] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
3587| [139969] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
3588| [139968] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
3589| [139965] Microsoft Windows up to Server 2019 Kernel information disclosure
3590| [139963] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
3591| [139962] Microsoft Windows up to Server 2019 Remote Desktop Protocol denial of service
3592| [139960] Microsoft Windows up to Server 2019 DHCP Server denial of service
3593| [139958] Microsoft Windows up to Server 2019 DHCP Server denial of service
3594| [139957] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
3595| [139956] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 Session Object information disclosure
3596| [139955] Microsoft Windows up to Server 2019 SyncController.dll privilege escalation
3597| [139949] Microsoft Windows up to Server 2019 XmlLite Runtime XmlLite.dll denial of service
3598| [139946] Microsoft Windows up to Server 2019 Core Shell COM Server Registrar COM Call privilege escalation
3599| [139942] Microsoft Windows up to Server 2019 rpcss.dll memory corruption
3600| [139941] Microsoft Windows up to Server 2019 DirectX memory corruption
3601| [139937] Microsoft Windows up to Server 2019 Azure Active Directory information disclosure
3602| [139936] Microsoft Windows up to Server 2019 SymCrypt information disclosure
3603| [139935] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 NTFS privilege escalation
3604| [139934] Microsoft Windows 7 SP1/Server 2018 R2 SP1/Server 2018 SP2 Win32k memory corruption
3605| [139933] Microsoft Windows up to Server 2019 p2pimsvc privilege escalation
3606| [139932] Microsoft Windows up to Server 2019 Kernel memory corruption
3607| [139931] Microsoft Windows up to Server 2019 File Signature Security Feature CAB File privilege escalation
3608| [139930] Microsoft Windows up to Server 2019 ALPC privilege escalation
3609| [139928] Microsoft Windows up to Server 2019 Kernel memory corruption
3610| [139927] Microsoft Windows up to Server 2019 Graphics Component information disclosure
3611| [139926] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3612| [139925] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3613| [139924] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3614| [139922] Microsoft Windows up to Server 2019 Graphics Component information disclosure
3615| [139921] Microsoft Windows up to Server 2019 Graphics Component information disclosure
3616| [139920] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3617| [139919] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3618| [139918] Microsoft Windows up to Server 2019 Graphics Component information disclosure
3619| [139917] Microsoft Windows up to Server 2019 Graphics Component information disclosure
3620| [139916] Microsoft Windows up to Server 2019 XML Core Services MSXML Parser privilege escalation
3621| [139914] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
3622| [139913] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
3623| [139912] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Hyper-V Network Switch denial of service
3624| [139911] Microsoft Windows up to Server 2019 denial of service
3625| [139910] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
3626| [139909] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
3627| [139908] Microsoft Windows up to Server 2019 Bluetooth weak encryption
3628| [139907] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
3629| [139906] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
3630| [139902] Microsoft Word up to 2019 memory corruption
3631| [139901] Microsoft Outlook up to 2019 memory corruption
3632| [139895] Microsoft Windows up to Server 2019 lnk File privilege escalation
3633| [139894] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
3634| [139893] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
3635| [139892] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
3636| [139891] Microsoft Windows up to Server 2019 Font Library memory corruption
3637| [139890] Microsoft Windows up to Server 2019 Font Library memory corruption
3638| [139889] Microsoft Windows up to Server 2019 Font Library memory corruption
3639| [139888] Microsoft Windows up to Server 2019 Font Library memory corruption
3640| [139887] Microsoft Windows up to Server 2019 Font Library memory corruption
3641| [139886] Microsoft Windows up to Server 2019 Font Library memory corruption
3642| [139880] Microsoft Windows up to Server 2019 Hyper-V memory corruption
3643| [139879] Microsoft Windows up to Server 2019 DHCP Client memory corruption
3644| [139878] Microsoft Windows up to Server 2019 Hyper-V Network Switch memory corruption
3645| [139877] Microsoft Outlook up to 2019 memory corruption
3646| [139876] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
3647| [139875] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
3648| [137590] Microsoft ASP.NET Core 2.1/2.2 Open Redirect
3649| [137589] Microsoft Exchange Server 2013 CU23/2016 CU12/2016 CU13/2019 CU1/2019 CU2 cross site scripting
3650| [137588] Microsoft Exchange Server 2010 SP3/2013 CU23/2016 CU12/2016 CU13 Web Services privilege escalation
3651| [137587] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
3652| [137586] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
3653| [137585] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
3654| [137584] Microsoft Windows up to Server 2019 DirectWrite memory corruption
3655| [137583] Microsoft Windows up to Server 2019 DirectWrite memory corruption
3656| [137581] Microsoft Windows up to Server 2019 DirectWrite memory corruption
3657| [137580] Microsoft Windows up to Server 2019 DirectWrite memory corruption
3658| [137579] Microsoft Windows up to Server 2019 DirectWrite memory corruption
3659| [137578] Microsoft Windows up to Server 2019 DirectWrite memory corruption
3660| [137577] Microsoft Windows up to Server 2019 DirectWrite memory corruption
3661| [137576] Microsoft Windows up to Server 2019 DirectWrite memory corruption
3662| [137575] Microsoft Windows up to Server 2019 DirectWrite memory corruption
3663| [137574] Microsoft Windows up to Server 2019 DirectWrite memory corruption
3664| [137568] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
3665| [137563] Microsoft Windows up to Server 2019 DirectWrite information disclosure
3666| [137562] Microsoft Windows up to Server 2019 Win32k information disclosure
3667| [137561] Microsoft Windows up to Server 2019 GDI information disclosure
3668| [137560] Microsoft Windows up to Server 2019 GDI information disclosure
3669| [137559] Microsoft Windows up to Server 2019 DirectWrite information disclosure
3670| [137555] Microsoft Windows up to Server 2019 Audio Service privilege escalation
3671| [137554] Microsoft Windows up to Server 2019 Audio Service privilege escalation
3672| [137553] Microsoft Windows up to Server 2019 Audio Service privilege escalation
3673| [137549] Microsoft Windows up to Server 2016 DLL privilege escalation
3674| [137544] Microsoft Windows up to Server 2019 Kernel information disclosure
3675| [137543] Microsoft Windows up to Server 2019 Kernel information disclosure
3676| [137542] Microsoft SQL Server 2014 SP2/2016 SP1/2017 privilege escalation
3677| [137541] Microsoft Windows up to Server 2019 memory corruption
3678| [137540] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
3679| [137539] Microsoft Windows up to Server 2016 DirectX memory corruption
3680| [137538] Microsoft Windows Server 1803/Server 1903/Server 2016/Server 2019 ADFS Security Feature privilege escalation
3681| [137537] Microsoft Windows up to Server 2019 Hyper-V denial of service
3682| [137535] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
3683| [137533] Microsoft Windows up to Server 2019 SymCrypt denial of service
3684| [137527] Microsoft Windows up to Server 2019 GDI+ memory corruption
3685| [137512] Microsoft Windows up to Server 2019 DHCP memory corruption
3686| [136414] Microsoft Azure DevOps Server 2019 cross site request forgery
3687| [136349] Microsoft Windows up to Server 2019 Event Viewer eventvwr.msc XML External Entity
3688| [136348] Microsoft Windows up to Server 2019 Task Scheduler privilege escalation
3689| [136347] Microsoft Windows up to Server 2019 AppXSVC privilege escalation
3690| [136345] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
3691| [136344] Microsoft Windows up to Server 2019 GDI information disclosure
3692| [136340] Microsoft Windows up to Server 2019 GDI information disclosure
3693| [136337] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
3694| [136336] Microsoft Windows up to Server 2019 Kernel privilege escalation
3695| [136335] Microsoft Windows up to Server 2019 NTLM Downgrade weak authentication
3696| [136334] Microsoft Windows up to Server 2019 Kernel information disclosure
3697| [136333] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
3698| [136330] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
3699| [136329] Microsoft SharePoint Server 2016/2019 cross site scripting
3700| [136328] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
3701| [136327] Microsoft Lync Server 2010/2013 denial of service
3702| [136326] Microsoft Windows up to Server 2019 Audio Service privilege escalation
3703| [136325] Microsoft Windows up to Server 2019 Audio Service privilege escalation
3704| [136324] Microsoft Windows up to Server 2019 Audio Service privilege escalation
3705| [136323] Microsoft Windows up to Server 2019 denial of service
3706| [136321] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Audio Service privilege escalation
3707| [136320] Microsoft Windows up to Server 2019 Audio Service privilege escalation
3708| [136319] Microsoft Windows up to Server 2019 Security Credentials information disclosure
3709| [136318] Microsoft Windows up to Server 2019 DirectX privilege escalation
3710| [136317] Microsoft Windows up to Server 2019 Win32k memory corruption
3711| [136314] Microsoft Windows up to Server 2019 Win32k memory corruption
3712| [136312] Microsoft Windows up to Server 2019 GDI information disclosure
3713| [136310] Microsoft Windows up to Server 2019 GDI information disclosure
3714| [136308] Microsoft Windows up to Server 2019 Audio Service privilege escalation
3715| [136306] Microsoft Windows up to Server 2019 Storage Service privilege escalation
3716| [136305] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
3717| [136304] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
3718| [136303] Microsoft Windows up to Server 2019 Storage Service privilege escalation
3719| [136301] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3720| [136299] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service Reboot denial of service
3721| [136296] Microsoft Windows up to Server 2019 Common Log File System Driver memory corruption
3722| [136295] Microsoft Windows up to Server 2019 ALPC privilege escalation
3723| [136293] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3724| [136292] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3725| [136291] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3726| [136290] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3727| [136289] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3728| [136288] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3729| [136287] Microsoft Windows up to Server 2019 Hyper-V denial of service
3730| [136286] Microsoft Windows up to Server 2019 Hyper-V denial of service
3731| [136285] Microsoft Windows up to Server 2019 Hyper-V denial of service
3732| [136284] Microsoft Windows up to Server 2019 Kernel memory corruption
3733| [136276] Microsoft Windows up to Server 2019 Hyper-V memory corruption
3734| [136275] Microsoft Windows 10/10 1607/10 1703/10 1709/Server 2016 Hyper-V memory corruption
3735| [136274] Microsoft Windows up to Server 2019 ActiveX memory corruption
3736| [136273] Microsoft Windows up to Server 2019 Hyper-V memory corruption
3737| [134750] Microsoft ASP.NET Core 2.1/2.2 denial of service
3738| [134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
3739| [134744] Microsoft Windows up to Server 2019 GDI information disclosure
3740| [134743] Microsoft SharePoint Server 2013 SP1/2016 cross site scripting
3741| [134742] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
3742| [134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
3743| [134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
3744| [134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 cross site scripting
3745| [134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
3746| [134737] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
3747| [134736] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
3748| [134735] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
3749| [134734] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
3750| [134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
3751| [134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
3752| [134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
3753| [134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3754| [134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3755| [134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3756| [134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3757| [134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3758| [134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3759| [134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3760| [134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3761| [134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3762| [134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3763| [134715] Microsoft Windows up to Server 2019 Win32k memory corruption
3764| [134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3765| [134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3766| [134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3767| [134710] Microsoft Windows up to Server 2019 GDI information disclosure
3768| [134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
3769| [134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
3770| [134701] Microsoft Windows up to Server 2019 Windows Defender Application Control privilege escalation
3771| [134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
3772| [134699] Microsoft Windows up to Server 2019 NDIS ndis.sys memory corruption
3773| [134698] Microsoft Windows up to Server 2019 OLE memory corruption
3774| [134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
3775| [134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
3776| [133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3777| [133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3778| [133232] Microsoft Azure DevOps Server 2019 cross site scripting
3779| [133229] Microsoft Azure DevOps Server 2019 cross site scripting
3780| [133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
3781| [133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation
3782| [133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
3783| [133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3784| [133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
3785| [133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
3786| [133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3787| [133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3788| [133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
3789| [133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
3790| [133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
3791| [133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
3792| [133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
3793| [133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
3794| [133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
3795| [133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
3796| [133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
3797| [133204] Microsoft Office/Excel up to 2019 memory corruption
3798| [133203] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
3799| [133202] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
3800| [133201] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
3801| [133200] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
3802| [133199] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
3803| [133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access cross site scripting
3804| [133197] Microsoft ASP.NET Core 2.2 Request denial of service
3805| [133196] Microsoft Windows up to Server 2019 Win32k information disclosure
3806| [133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
3807| [133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
3808| [133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
3809| [133192] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
3810| [133189] Microsoft Windows up to Server 2019 CSRSS memory corruption
3811| [133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
3812| [133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
3813| [133186] Microsoft Windows up to Server 2019 TCP/IP Stack Fragmented IP Packet information disclosure
3814| [133185] Microsoft Windows up to Server 2019 Win32k memory corruption
3815| [133183] Microsoft Windows up to Server 2019 Win32k memory corruption
3816| [133182] Microsoft Windows up to Server 2019 Win32k memory corruption
3817| [133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Document Code Execution
3818| [133180] Microsoft Windows up to Server 2019 MS XML Code Execution
3819| [133179] Microsoft Windows up to Server 2019 MS XML Code Execution
3820| [133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys privilege escalation
3821| [133174] Microsoft Windows up to Server 2019 GDI+ privilege escalation
3822| [133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
3823| [133166] Microsoft Windows up to Server 2019 MS XML Code Execution
3824| [133165] Microsoft Windows up to Server 2019 MS XML Code Execution
3825| [133164] Microsoft Windows up to Server 2019 MS XML Code Execution
3826| [133163] Microsoft Windows up to Server 2019 MS XML Code Execution
3827| [133162] Microsoft Windows up to Server 2019 MS XML Code Execution
3828| [131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
3829| [131685] Microsoft Windows up to Server 2019 SMB information disclosure
3830| [131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
3831| [131681] Microsoft Windows up to Server 2019 Win32k memory corruption
3832| [131679] Microsoft Windows up to Server 2019 Kernel information disclosure
3833| [131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
3834| [131674] Microsoft Windows up to Server 2019 Win32k information disclosure
3835| [131673] Microsoft Windows up to Server 2019 Kernel information disclosure
3836| [131672] Microsoft Windows up to Server 2019 GDI information disclosure
3837| [131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
3838| [131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
3839| [131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
3840| [131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
3841| [131658] Microsoft Windows up to Server 2019 information disclosure
3842| [131657] Microsoft Windows up to Server 2019 denial of service
3843| [131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
3844| [131653] Microsoft Windows up to Server 2019 SMB information disclosure
3845| [131652] Microsoft Windows up to Server 2019 SMB information disclosure
3846| [131651] Microsoft Windows up to Server 2019 Kernel information disclosure
3847| [131650] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V denial of service
3848| [131649] Microsoft Windows up to Server 2019 Kernel memory corruption
3849| [131648] Microsoft Windows up to Server 2019 Hyper-V denial of service
3850| [131644] Microsoft Windows up to Server 2019 Hyper-V denial of service
3851| [131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3852| [131632] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
3853| [131631] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
3854| [131630] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
3855| [131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
3856| [131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
3857| [131619] Microsoft Windows up to Server 2019 MS XML privilege escalation
3858| [131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
3859| [131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
3860| [131328] Microsoft Windows up to Server 2016 Kernel information disclosure
3861| [130832] Microsoft 2013 SP1 spoofing
3862| [130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
3863| [130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
3864| [130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
3865| [130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
3866| [130823] Microsoft Office up to 2019 Connectivity Engine privilege escalation
3867| [130822] Microsoft Office up to 2019 Connectivity Engine privilege escalation
3868| [130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
3869| [130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
3870| [130818] Microsoft Windows up to Server 2019 GDI information disclosure
3871| [130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
3872| [130814] Microsoft Windows up to Server 2019 privilege escalation
3873| [130809] Microsoft Windows up to Server 2019 Defender Firewall Security privilege escalation
3874| [130808] Microsoft Windows up to Server 2019 information disclosure
3875| [130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
3876| [130806] Microsoft Windows up to Server 2019 SMB privilege escalation
3877| [130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
3878| [130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
3879| [130803] Microsoft Windows up to Server 2019 SMB privilege escalation
3880| [130802] Microsoft Windows up to Server 2019 Win32k information disclosure
3881| [130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
3882| [130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3883| [130799] Microsoft Windows up to Server 2016 Win32k memory corruption
3884| [130798] Microsoft Windows up to Server 2019 GDI information disclosure
3885| [130797] Microsoft Windows up to Server 2019 GDI information disclosure
3886| [130796] Microsoft Windows up to Server 2019 GDI information disclosure
3887| [130793] Microsoft Windows up to Server 2019 GDI information disclosure
3888| [130792] Microsoft Windows up to Server 2019 HID information disclosure
3889| [130791] Microsoft Windows up to Server 2019 HID information disclosure
3890| [130790] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3891| [130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3892| [130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3893| [130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3894| [130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
3895| [130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
3896| [130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
3897| [130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
3898| [129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
3899| [129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
3900| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
3901| [128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct privilege escalation
3902| [128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
3903| [128761] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3904| [128760] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3905| [128759] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3906| [128758] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3907| [128757] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3908| [128756] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3909| [128755] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3910| [128754] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3911| [128753] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3912| [128752] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
3913| [128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
3914| [128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
3915| [128749] Microsoft Windows up to Server 2019 Kernel information disclosure
3916| [128747] Microsoft ASP.NET Core 2.1 Web Request denial of service
3917| [128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
3918| [128745] Microsoft Office up to 2019 Word Macro information disclosure
3919| [128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
3920| [128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
3921| [128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
3922| [128739] Microsoft Windows up to Server 2019 Kernel information disclosure
3923| [128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
3924| [128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
3925| [128736] Microsoft Windows up to Server 2019 Kernel information disclosure
3926| [128735] Microsoft ASP.NET Core 2.1/2.2 Web Request denial of service
3927| [128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
3928| [128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
3929| [128728] Microsoft Windows up to Server 2019 Kernel information disclosure
3930| [128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
3931| [128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
3932| [128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
3933| [128718] Microsoft Windows up to Server 2019 Hyper-V memory corruption
3934| [128717] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V memory corruption
3935| [127925] Microsoft SharePoint Enterprise Server 2016 Web Request cross site scripting
3936| [127882] Microsoft Dynamics NAV 2016/2017 Web Request cross site scripting
3937| [127881] Microsoft Windows 10 1809/Server 2019 Object denial of service
3938| [127880] Microsoft Windows up to Server 2019 Win32k Object memory corruption
3939| [127828] Microsoft Windows up to Server 2019 Win32k memory corruption
3940| [127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
3941| [127826] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Win32k ASLR privilege escalation
3942| [127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
3943| [127824] Microsoft Excel up to 2019 Out-of-Bounds memory corruption
3944| [127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
3945| [127821] Microsoft Windows up to Server 2019 Connected User Experiences and Telemetry Service denial of service
3946| [127820] Microsoft Windows up to Server 2019 Kernel memory corruption
3947| [127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data privilege escalation
3948| [127817] Microsoft Excel up to 2019 information disclosure
3949| [127816] Microsoft Windows up to Server 2019 GDI information disclosure
3950| [127815] Microsoft Windows up to Server 2019 GDI information disclosure
3951| [127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search cross site request forgery
3952| [127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
3953| [127806] Microsoft Outlook up to 2019 memory corruption
3954| [127805] Microsoft Excel up to 2019 memory corruption
3955| [127804] Microsoft Excel up to 2019 memory corruption
3956| [127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
3957| [127801] Microsoft Windows up to Server 2019 DNS Server privilege escalation
3958| [126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 Code Execution
3959| [126755] Microsoft .NET Core 2.1 privilege escalation
3960| [126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji denial of service
3961| [126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
3962| [126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
3963| [126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
3964| [126746] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
3965| [126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
3966| [126744] Microsoft Office up to 2019 Word memory corruption
3967| [126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
3968| [126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
3969| [126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
3970| [126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
3971| [126736] Microsoft Windows up to Server 2019 Win32k memory corruption
3972| [126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
3973| [126733] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DirectX memory corruption
3974| [126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
3975| [126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
3976| [126727] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
3977| [126726] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
3978| [126725] Microsoft Windows up to Server 2019 DirectX memory corruption
3979| [126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
3980| [126718] Microsoft Windows up to Server 2016 Search memory corruption
3981| [126717] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 memory corruption
3982| [126716] Microsoft Office up to 2019 Excel memory corruption
3983| [126714] Microsoft Windows up to Server 2019 PowerShell unknown vulnerability
3984| [126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
3985| [126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
3986| [126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
3987| [125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
3988| [125122] Microsoft Windows up to Server 2016 TCP/IP information disclosure
3989| [125121] Microsoft Windows up to Server 2019 DirectX memory corruption
3990| [125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
3991| [125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
3992| [125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
3993| [125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
3994| [125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
3995| [125113] Microsoft Windows up to Server 2019 Kernel memory corruption
3996| [125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy privilege escalation
3997| [125110] Microsoft Windows up to Server 2019 DNS Global Blocklist privilege escalation
3998| [125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
3999| [125108] Microsoft Windows up to Server 2019 Filter Manager memory corruption
4000| [125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
4001| [125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
4002| [125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
4003| [125104] Microsoft SharePoint Enterprise Server 2016 cross site scripting
4004| [125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
4005| [125100] Microsoft Office/PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
4006| [125099] Microsoft Office/Excel up to 2019 Protected View memory corruption
4007| [125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
4008| [125097] Microsoft Windows up to Server 2019 DirectX Graphics memory corruption
4009| [125096] Microsoft Windows up to Server 2019 Win32k memory corruption
4010| [125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access cross site scripting
4011| [125093] Microsoft Windows up to Server 2019 Hyper-V memory corruption
4012| [125092] Microsoft Windows up to Server 2019 Hyper-V memory corruption
4013| [125091] Microsoft Windows up to Server 2019 MS XML privilege escalation
4014| [124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx Parameter Server-Side Request Forgery
4015| [124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls Server-Side Request Forgery
4016| [123995] Microsoft Lync 2011 on Mac Security Feature Messages Download privilege escalation
4017| [123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
4018| [123874] Microsoft Windows up to Server 2016 Kernel information disclosure
4019| [123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
4020| [123868] Microsoft Windows up to Server 2016 Hyper-V denial of service
4021| [123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
4022| [123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 RT SP1/2013 SP1/2016 cross site scripting
4023| [123861] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
4024| [123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
4025| [123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
4026| [123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
4027| [123849] Microsoft Windows up to Server 2016 SMB denial of service
4028| [123846] Microsoft Office 2016 on Win/Mac memory corruption
4029| [123844] Microsoft Word 2013 RT SP1/2013 SP1/2016 PDF File memory corruption
4030| [123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
4031| [123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
4032| [123830] Microsoft Windows up to Server 2016 Hyper-V memory corruption
4033| [123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
4034| [123827] Microsoft Windows up to Server 2016 Image memory corruption
4035| [123825] Microsoft Windows up to Server 2016 MSXML Parser privilege escalation
4036| [123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
4037| [122887] Microsoft Office 2016 on Mac AutoUpdate memory corruption
4038| [122886] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
4039| [122885] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
4040| [122884] Microsoft Windows up to Server 2016 Win32k memory corruption
4041| [122883] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
4042| [122875] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
4043| [122874] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
4044| [122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
4045| [122871] Microsoft PowerPoint 2010 SP2 memory corruption
4046| [122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
4047| [122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
4048| [122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
4049| [122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
4050| [122848] Microsoft Windows Security Feature 2FA weak authentication
4051| [122834] Microsoft Windows up to Server 2016 LNK memory corruption
4052| [122825] Microsoft Windows up to Server 2016 Graphics memory corruption
4053| [122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
4054| [121208] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R Attachment privilege escalation
4055| [121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
4056| [121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
4057| [121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
4058| [121111] Microsoft Windows up to Server 2016 Kernel memory corruption
4059| [121110] Microsoft Windows up to Server 2016 Wordpad privilege escalation
4060| [121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll denial of service
4061| [121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
4062| [121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
4063| [121098] Microsoft Office 2016/2016 C2R memory corruption
| [121092] Microsoft Windows up to Server 2016 FTP Server denial of service
| [121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
| [119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
| [119476] Microsoft Publisher 2010 SP2 OLE Object PUB File privilege escalation
| [119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
| [119474] Microsoft Windows up to Server 2016 GDI information disclosure
| [119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys denial of service
| [119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
| [119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119459] Microsoft Windows up to Server 2016 memory corruption
| [119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
| [119456] Microsoft Windows up to Server 2016 Kernel information disclosure
| [119455] Microsoft Windows up to Server 2016 denial of service
| [119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119452] Microsoft Windows up to Server 2016 HIDParser memory corruption
| [119448] Microsoft Windows up to Server 2016 Code Integrity Module denial of service
| [119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
| [119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
| [119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys memory corruption
| [119436] Microsoft Windows up to Server 2016 memory corruption
| [119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [118120] Microsoft Office 2016 on Mac XML Data Code Execution
| [117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 Web Request cross site scripting
| [117560] Microsoft Exchange Server up to 2016 CU9 Code Execution memory corruption
| [117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access Web Request cross site scripting
| [117558] Microsoft Windows up to Server 2016 Code Execution memory corruption
| [117507] Microsoft Infopath 2013 SP1 memory corruption
| [117505] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [117504] Microsoft Office 2010 SP2 information disclosure
| [117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
| [117498] Microsoft Office 2016 C2R Security Feature privilege escalation
| [117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
| [117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
| [117473] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117472] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117471] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117470] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117469] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117468] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117444] Microsoft Windows up to Server 2016 Hyper-V vSMB memory corruption
| [117443] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [116132] Microsoft Office 2016 Memory information disclosure
| [116051] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 cross site scripting
| [116049] Microsoft SharePoint Enterprise Server 2013/2016 privilege escalation
| [116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem memory corruption
| [116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll memory corruption
| [116046] Microsoft SharePoint Enterprise Server 2013/2016 Share cross site scripting
| [116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol denial of service
| [116031] Microsoft Windows up to Server 2016 Kernel ASLR information disclosure
| [116030] Microsoft Windows up to Server 2016 SNMP Service denial of service
| [116026] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116024] Microsoft Windows up to Server 2016 HTTP.sys denial of service
| [116023] Microsoft Office up to 2016 C2R information disclosure
| [116022] Microsoft Excel 2010 SP2 memory corruption
| [116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Active Directory privilege escalation
| [116019] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116018] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [116017] Microsoft Excel up to 2016 C2R memory corruption
| [116016] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Graphics memory corruption
| [116014] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
| [116008] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116007] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116006] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116005] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116004] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [115804] Microsoft Windows up to Server 2016 Malware Protection Engine privilege escalation
| [114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
| [114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
| [114573] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
| [114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake privilege escalation
| [114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Kernel information disclosure
| [114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [114562] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114560] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114559] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114558] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114557] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114556] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114555] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114554] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114553] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114552] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114551] Microsoft Excel up to 2016 C2R Security Feature privilege escalation
| [114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
| [114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys privilege escalation
| [114547] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114546] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114545] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114544] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114543] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114542] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114541] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114540] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114536] Microsoft Windows up to Server 2016 CredSSP privilege escalation
| [114535] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
| [114530] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114529] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114527] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114526] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114525] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
| [114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
| [114520] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge privilege escalation
| [114518] Microsoft Windows up to Server 2016 Remote Assistance information disclosure
| [114517] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge VFS privilege escalation
| [114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
| [113835] Microsoft Identity Manager 2016 SP1 cross site scripting
| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
| [113260] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113259] Microsoft Windows 10/Server 1709/Server 2016 NTFS privilege escalation
| [113254] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113253] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
| [113252] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113250] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
| [113249] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113248] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
| [113242] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113241] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113240] Microsoft Windows 10/Server 1709/Server 2016 AppContainer privilege escalation
| [113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [113233] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Uninitialized Memory information disclosure
| [113232] Microsoft Excel 2016 memory corruption
| [113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
| [113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
| [111580] Microsoft Office 2016 on Mac Email Attachment spoofing
| [111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
| [111567] Microsoft Office 2010/2013/2016 memory corruption
| [111564] Microsoft Word 2016 memory corruption
| [111562] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [111561] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [111358] Microsoft Windows up to Server 2016 IPsec denial of service
| [110553] Microsoft Office 2016 C2R information disclosure
| [110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
| [110551] Microsoft Excel 2016 C2R memory corruption
| [110550] Microsoft PowerPoint 2013 RT SP1/2013 SP1/2016 information disclosure
| [110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
| [110547] Microsoft Windows up to Server 2016 its:// Protocol information disclosure
| [110531] Microsoft Windows 10/Server 2016 Device Guard privilege escalation
| [110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
| [110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
| [109389] Microsoft Excel 2016 Click-to-Run memory corruption
| [109360] Microsoft Windows up to Server 2016 Windows Search denial of service
| [107759] Microsoft Windows up to Server 2016 SMB denial of service
| [107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107753] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
| [107740] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107739] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107738] Microsoft Windows up to Server 2016 Search information disclosure
| [107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107732] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
| [107730] Microsoft Windows up to Server 2016 Search Remote memory corruption
| [107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107724] Microsoft Windows up to Server 2016 Text Services Framework memory corruption
| [107723] Microsoft Windows up to Server 2016 SMB information disclosure
| [107698] Microsoft Office 2016 memory corruption
| [107593] InFocus Mondopad 2.2.08 Excel Spreadsheet Microsoft Office Document Credentials information disclosure
| [106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [106529] Microsoft PowerPoint 2016 memory corruption
| [106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
| [106518] Microsoft Edge on Win10/Server 2016 memory corruption
| [106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
| [106498] Microsoft Windows up to Server 2016 Shell privilege escalation
| [106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
| [106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
| [106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
| [106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow memory corruption
| [106474] Microsoft Office 2016 memory corruption
| [106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
| [106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne spoofing
| [106470] Microsoft Excel 2011 on Mac memory corruption
| [106455] Microsoft Exchange Server 2013/2016 information disclosure
| [106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition memory corruption
| [105048] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105047] Microsoft Edge on Win10/Server 2016 Scripting Engine EntryCall memory corruption
| [105046] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105040] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105038] Microsoft Edge on Win10/Server 2016 Javascript Engine Out-of-Bounds memory corruption
| [105037] Microsoft Edge on Win10/Server 2016 Javascript Engine PreVisitCatch memory corruption
| [105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
| [105033] Microsoft Edge 38.14393.1066.0 on Win10/Server 2016 Use-After-Free information disclosure
| [105029] Microsoft Edge on Win10/Server 2016 Javascript Engine ProcessLinkFailedAsmJsModule memory corruption
| [105027] Microsoft Edge on Win10/Server 2016 _SelectValueInternal information disclosure
| [105024] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105023] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105017] Microsoft Windows up to Server 2016 Error Reporting information disclosure
| [105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V denial of service
| [105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
| [105010] Microsoft Windows up to Server 2016 Win32k memory corruption
| [105009] Microsoft Windows up to Server 2016 Input Method Editor memory corruption
| [105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
| [104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [104989] Microsoft Windows up to Server 2016 NetBIOS denial of service
| [104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
| [104583] Microsoft Outlook up to 2016 C2R Email memory corruption
| [104582] Microsoft Outlook up to 2016 C2R Object memory corruption
| [103468] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 Open Redirect
| [103446] Microsoft Windows up to Server 2016 Search Object privilege escalation
| [103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
| [103444] Microsoft Windows up to Server 2016 Explorer denial of service
| [103442] Microsoft Windows 10/Server 2016 HoloLens WiFi Packet privilege escalation
| [103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
| [103431] Microsoft Windows up to Server 2016 PowerShell PSObject Object privilege escalation
| [103429] Microsoft Windows up to Server 2016 Kerberos weak authentication
| [103426] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
| [103425] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
| [103420] Microsoft Windows up to Server 2016 Kerberos Bypass privilege escalation
| [103417] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
| [102544] Microsoft Edge on Win10/Server 2016 Fetch API information disclosure
| [102543] Microsoft Edge on Win10/Server 2016 Javascript XML DOM Object information disclosure
| [102463] Microsoft Project Server 2013 SP1 cross site scripting
| [102460] Microsoft Outlook 2016 on Mac HTML spoofing
| [102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
| [102446] Microsoft Office up to 2016 privilege escalation
| [102445] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 privilege escalation
| [102443] Microsoft Office up to 2016 privilege escalation
| [102412] Microsoft Windows up to Server 2016 PDF information disclosure
| [102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
| [102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
| [102386] Microsoft Windows up to Server 2012 R2 Uniscribe privilege escalation
| [102385] Microsoft Windows up to Server 2016 Font Library privilege escalation
| [102376] Microsoft Windows up to Server 2016 CAB File privilege escalation
| [102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
| [102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
| [102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords memory corruption
| [101817] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
| [101815] Microsoft Windows up to Server 2016 Malware Protection Engine Use-After-Free memory corruption
| [101814] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [101812] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101811] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101810] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
| [101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [101019] Microsoft Skype for Business 2016 memory corruption
| [101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 memory corruption
| [101016] Microsoft PowerPoint 2011 on Mac memory corruption
| [101015] Microsoft PowerPoint 2011 on Mac memory corruption
| [101014] Microsoft Office 2010 SP2/2016 memory corruption
| [101013] Microsoft Office 2010 SP2/2016 memory corruption
| [101002] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [101001] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [101000] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [100999] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
| [99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
| [99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory Lockout privilege escalation
| [99682] Microsoft Outlook 2011 on Mac HTML Tag Validator spoofing
| [99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
| [99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive denial of service
| [98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
| [98096] Microsoft Exchange 2013 SP1 privilege escalation
| [98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
| [98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
| [98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
| [98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
| [98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
| [98089] Microsoft Office Web Apps 2013 SP1 memory corruption
| [98082] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 denial of service
| [98081] Microsoft Excel up to 2016 information disclosure
| [98080] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [98079] Microsoft Word 2016 memory corruption
| [98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component privilege escalation
| [98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
| [98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
| [98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component information disclosure
| [98069] Microsoft Windows up to Server 2012 R2 Color Management memory corruption
| [98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
| [98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 NULL Pointer Dereference memory corruption
| [98017] Microsoft Windows up to Server 2016 PDF memory corruption
| [98015] Microsoft Windows 10/Server 2016 Hyper-V denial of service
| [98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
| [98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch denial of service
| [98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
| [95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
| [95125] Microsoft Word/SharePoint Enterprise Server 2016 Document privilege escalation
| [94451] Microsoft Office 2011 memory corruption
| [94447] Microsoft Office 2010 SP2 memory corruption
| [94446] Microsoft Office 2016 memory corruption
| [94444] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL Loader memory corruption
| [94443] Microsoft Office up to 2016 information disclosure
| [94442] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
| [93964] Microsoft Windows 7 Excel Starter 2010 XXE information disclosure
| [93543] Microsoft SQL Server 2016 FILESTREAM Path privilege escalation
| [93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
| [93416] Microsoft SQL Server 2014 SP2/2016/up to 2012 SP3 Server Agent atxcore.dll privilege escalation
| [93415] Microsoft SQL Server 2016 MDS API cross site scripting
| [93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
| [93413] Microsoft SQL Server 2016/up to 2014 SP2 RDBMS Engine privilege escalation
| [93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
| [93393] Microsoft Office up to 2016 memory corruption
| [93392] Microsoft Office up to 2016 memory corruption
| [93391] Microsoft Office up to 2016 memory corruption
| [93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
| [93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
| [92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
| [92584] Microsoft Office up to 2016 memory corruption
| [91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
| [91555] Microsoft Exchange 2013/2016 Link spoofing
| [91550] Microsoft Office 2016 memory corruption
| [91547] Microsoft Office 2010 memory corruption
| [91543] Microsoft Office up to 2016 memory corruption
| [91541] Microsoft Office 2013/2016 APP-V ASLR privilege escalation
| [90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
| [90704] Microsoft Office 2013/2013 RT/2016 memory corruption
| [89043] Microsoft Office up to 2016 memory corruption
| [89041] Microsoft Office up to 2016 memory corruption
| [89040] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 memory corruption
| [89038] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature privilege escalation
| [89037] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [87961] Microsoft Windows up to Server 2012 R2 Search denial of service
| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
| [87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
| [87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
| [87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server Use-After-Free memory corruption
| [87936] Microsoft Office up to 2016 memory corruption
| [87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
| [87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell memory corruption
| [87149] Microsoft Office up to 2016 memory corruption
| [87148] Microsoft Office 2010 Graphics memory corruption
| [87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
| [82229] Microsoft Excel 2010 SP2 Office Document memory corruption
| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
| [81274] Microsoft Office up to 2016 memory corruption
| [81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library memory corruption
| [81269] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
| [81268] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
| [80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP memory corruption
| [80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service denial of service
| [80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
| [80870] Microsoft Office up to 2016 memory corruption
| [80868] Microsoft Office up to 2016 memory corruption
| [80867] Microsoft Office up to 2016 memory corruption
| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
| [80231] Microsoft Excel up to 2016 Office Document memory corruption
| [80229] Microsoft Exchange Server 2013 CU 10/2013 CU 11/2013 SP1/2016 Outlook Web Access cross site scripting
| [80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [80227] Microsoft Exchange Server 2013 CU 10/2013 SP1/2016 Outlook Web Access cross site scripting
| [80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [80218] Microsoft Office up to 2016 ASLR privilege escalation
| [80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
| [80216] Microsoft Office up to 2016 Office Document memory corruption
| [80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
| [128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
| [79508] Microsoft Windows up to Server 2012 R2 Library Loader memory corruption
| [79500] Microsoft Office 2010/2011/2016 memory corruption
| [79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
| [79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
| [79117] Microsoft Outlook 2011/2016 on Mac HTML spoofing
| [78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
| [77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
| [77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
| [77638] Microsoft Lync Server 2013 cross site scripting
| [77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access Stack-Based information disclosure
| [77050] Microsoft Office up to 2016 memory corruption
| [77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
| [76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
| [76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service memory corruption
| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
| [75793] Microsoft Exchange Server 2013 CU8 cross site scripting
| [75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
| [75791] Microsoft Office 2013 SP1 Office Document Uninitialized Memory memory corruption
| [75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
| [75786] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
| [66976] Microsoft Access 2010 VBA Datatype denial of service
| [74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
| [74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
| [74835] Microsoft Office 2011 on Mac Use-After-Free cross site scripting
| [74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
| [74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
| [74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
| [73967] Microsoft Office up to 2013 SP1 Office File memory corruption
| [73966] Microsoft Office up to 2013 SP1 RTF File memory corruption
| [73965] Microsoft Office up to 2013 SP1 Use-After-Free memory corruption
| [73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
| [69162] Microsoft System Center Virtual Machine Manager 2012 privilege escalation
| [69160] Microsoft Windows up to Server 2012 Process privilege escalation
| [69156] Microsoft Office 2010 Object memory corruption
| [68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
| [68417] Microsoft Exchange 2013 Outlook Web Access Token spoofing
| [68191] Microsoft SharePoint 2010 cross site scripting
| [67828] Microsoft ASP.NET MVC 2/3/4/5/5.1 System.Web.Mvc.dll cross site scripting
| [67518] Microsoft Lync 2013 denial of service
| [67517] Microsoft Lync 2013 Script Reflected cross site scripting
4490| [67516] Microsoft Lync 2010/2013 denial of service
4491| [67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call privilege escalation
4492| [67360] Microsoft SharePoint 2013 App Permission Management cross site scripting
4493| [13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
4494| [13547] Microsoft Lync 2010/2013 Meeting cross site scripting
4495| [13228] Microsoft Office 2013 Document privilege escalation
4496| [68577] Microsoft ASP.NET 2014.3.1209 Telerik UI RadAsyncUpload directory traversal
4497| [12267] Microsoft Forefront Security for Exchange Server 2010 Mail memory corruption
4498| [12263] Microsoft Windows up to Server 2012 Direct2D 2D Geometric Figure memory corruption
4499| [12238] Microsoft Windows 8/RT/Server 2012 IPv6 denial of service
| [12185] Microsoft .NET Framework 2/4 HMAC weak authentication
| [12183] Microsoft .NET Framework 2/4 DTD denial of service
| [11673] Microsoft Windows Live Movie Maker 2011 WAV File denial of service
| [11468] Microsoft Exchange 2010/2013 cross site scripting
| [11466] Microsoft Office 2013 File Response information disclosure
| [11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
| [11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
| [10250] Microsoft SharePoint Server up to 2013 W3WP Process denial of service
| [10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow memory corruption
| [10248] Microsoft SharePoint Server up to 2013 cross site scripting
| [9943] Microsoft Windows Server 2012 NAT Driver ICMP Packet denial of service
| [8739] Microsoft Windows Essentials up to 2012 Windows Writer Eingabe information disclosure
| [8725] Microsoft Lync 2010/2013 Use-After-Free memory corruption
| [8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys denial of service
| [8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
| [8203] Microsoft Windows up to 2012 AD LDAP Query denial of service
| [8200] Microsoft SharePoint Server 2013 ACL information disclosure
| [7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser File information disclosure
| [7969] Microsoft OneNote 2010 SP1 ONE File information disclosure
| [7968] Microsoft SharePoint Server 2010 SP1 Input Validator Eingabe Crash denial of service
| [7967] Microsoft SharePoint Server 2010 SP1 User Account Eingabe Crash information disclosure
| [7966] Microsoft SharePoint Server 2010 SP1 Eingabe Crash cross site scripting
| [7965] Microsoft SharePoint Server 2010 SP1 User Account Callback URL privilege escalation
| [7964] Microsoft Visio 2010 Tree Object Type File memory corruption
| [7343] Microsoft Lync 2012 HTTP Format String
| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
| [7230] Microsoft Excel 2010 SP1 on 32-bit XLS File Formatting Information Crash denial of service
| [6831] Microsoft Office Picture Manager 2010 File memory corruption
| [62720] EMC NetWorker Module for Microsoft Applications up to 2.2.0 memory corruption
| [6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
| [62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
| [5946] Microsoft Visio/Visio Viewer up to 2010 SP1 File memory corruption
| [5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
| [5641] Microsoft SharePoint 2010 cross site scripting
| [60943] Microsoft Dynamics AX 2012 Enterprise Portal cross site scripting
| [12311] Microsoft Lync 2010 Search race condition
| [60570] Microsoft Forefront Unified Access Gateway 2010 information disclosure
| [60569] Microsoft Forefront Unified Access Gateway 2010 spoofing
| [60208] Microsoft Visio Viewer 2010 memory corruption
| [60207] Microsoft Visio Viewer 2010 memory corruption
| [60206] Microsoft Visio Viewer 2010 memory corruption
| [4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
| [4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
| [4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
| [59008] Microsoft Forefront Unified Access Gateway 2010 Crash denial of service
| [58995] Microsoft Forefront Unified Access Gateway 2010 memory corruption
| [58994] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
| [58993] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
| [4424] Microsoft Host Integration Server up to 2010 denial of service
| [4420] Microsoft Forefront Unified Access Gateway 2010 memory corruption
| [58487] Microsoft SharePoint Foundation 2010 cross site scripting
| [58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
| [58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
| [4414] Microsoft SharePoint 2010 cross site scripting
| [4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS unknown vulnerability
| [91971] Microsoft Skype 2.2.x/5.2.x/5.3.x denial of service
| [57693] Microsoft Forefront Threat Management Gateway 2010 NSPLookupServiceNext memory corruption
| [56028] Microsoft Data Access Components 2.8 memory corruption
| [55777] Microsoft Windows Movie Maker 2.6 memory corruption
| [55424] Microsoft Forefront Unified Access Gateway 2010 Signurl.asp cross site scripting
| [55415] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
| [55414] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
| [55413] Microsoft Forefront Unified Access Gateway 2010 spoofing
| [54341] Microsoft Windows Movie Maker 2.1 memory corruption
| [54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
| [4009] Microsoft NET Framework 2.x/3.x denial of service
| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
| [2927] Microsoft Data Access Components 2.x ADODB.Connection ActiveX Control memory corruption
| [32692] Microsoft XML Core Services up to 2.6 memory corruption
| [32691] Microsoft XML Core Services up to 2.6 memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
| [CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
| [CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
| [CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
| [CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
| [CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
| [CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
| [CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
| [CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
| [CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
| [CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
| [CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
| [CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
| [CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
| [CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
| [CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
| [CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
| [CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
| [CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
| [CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
| [CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
| [CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
| [CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
| [CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
| [CVE-2013-1301] Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
| [CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
| [CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
| [CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
| [CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
4644| [CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
4645| [CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
4646| [CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
4647| [CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
4648| [CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
4649| [CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
4650| [CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
4651| [CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
4652| [CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
4653| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
4654| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
4655| [CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
4656| [CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
4657| [CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
4658| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
4659| [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
4660| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
4661| [CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
4662| [CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
4663| [CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
4664| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
4665| [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
4666| [CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
4667| [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
4668| [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
4669| [CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
4670| [CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
4671| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
4672| [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
4673| [CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
4674| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
4675| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
4676| [CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
4677| [CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
4678| [CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
4679| [CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1
4680| [CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
4681| [CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
4682| [CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
4683| [CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
4684| [CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
4685| [CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
4686| [CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
4687| [CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
4688| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
4689| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
4690| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
4691| [CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
4692| [CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
4693| [CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
4694| [CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
4695| [CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
4696| [CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
4697| [CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
4698| [CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
4699| [CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
4700| [CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
4701| [CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
4702| [CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
4703| [CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
4704| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
4705| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
4706| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
4707| [CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
4708| [CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
4709| [CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
4710| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
4711| [CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
4712| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
4713| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
4714| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
4715| [CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
4716| [CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
| [CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
| [CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
| [CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
| [CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
| [CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
| [CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
| [CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
| [CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
| [CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
| [CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
| [CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
| [CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
| [CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
| [CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
| [CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
| [CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
| [CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
| [CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
| [CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
| [CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
| [CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
| [CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
| [CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
| [CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
| [CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
| [CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
| [CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
| [CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
| [CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
| [CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
| [CVE-2011-3413] Microsoft PowerPoint 2007 SP2
| [CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
| [CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
| [CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
| [CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
| [CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
| [CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
| [CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
| [CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
| [CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
| [CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
| [CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
| [CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
| [CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
| [CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
| [CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
| [CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
| [CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
| [CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
| [CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
| [CVE-2011-1990] Microsoft Excel 2007 SP2
| [CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
| [CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
| [CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
| [CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
| [CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
| [CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
| [CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
| [CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
| [CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
| [CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
| [CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
| [CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
| [CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
| [CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
| [CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
| [CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
| [CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
| [CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
| [CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
| [CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
4819| [CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
4820| [CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
4821| [CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
4822| [CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
4823| [CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
4824| [CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
4825| [CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
4826| [CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
4827| [CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
4828| [CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
4829| [CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
4830| [CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
4831| [CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
4832| [CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
4833| [CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
4834| [CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
4835| [CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
4836| [CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
4837| [CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
4838| [CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
4839| [CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
4840| [CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
4841| [CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
4842| [CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
4843| [CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
4844| [CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
4845| [CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
4846| [CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
4847| [CVE-2011-1275] Microsoft Excel 2002 SP3
4848| [CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
4849| [CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
4850| [CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
4851| [CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
4852| [CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
4853| [CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
4854| [CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
4855| [CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
4856| [CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
4857| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
4858| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
4859| [CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
4860| [CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
4861| [CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
4862| [CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4863| [CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4864| [CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4865| [CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4866| [CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4867| [CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4868| [CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4869| [CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4870| [CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4871| [CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4872| [CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4873| [CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4874| [CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4875| [CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4876| [CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4877| [CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4878| [CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4879| [CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4880| [CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
4881| [CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
4882| [CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
4883| [CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
4884| [CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
4885| [CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4886| [CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
4887| [CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4888| [CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4889| [CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4890| [CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4891| [CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4892| [CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4893| [CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4894| [CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4895| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
4896| [CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
4897| [CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
4898| [CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
4899| [CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
4900| [CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
4901| [CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
4902| [CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
4903| [CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
4904| [CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
4905| [CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
4906| [CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
4907| [CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
4908| [CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, doubly-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
4909| [CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
4910| [CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
4911| [CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
4912| [CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
4913| [CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
4914| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
4915| [CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
4916| [CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
4917| [CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
4918| [CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
4919| [CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
4920| [CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
4921| [CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
4922| [CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
4923| [CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
4924| [CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
4925| [CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
4926| [CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
4927| [CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
4928| [CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
4929| [CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
4930| [CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
4931| [CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
4932| [CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
4933| [CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
4934| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
4935| [CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
4936| [CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
4937| [CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
4938| [CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
4939| [CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
4940| [CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
4941| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
4942| [CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
4943| [CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
4944| [CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
4945| [CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
4946| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
4947| [CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
4948| [CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
4949| [CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
4950| [CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
4951| [CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
4952| [CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
4953| [CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
4954| [CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
4955| [CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
4956| [CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
4957| [CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
4958| [CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
4959| [CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
4960| [CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
4961| [CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
4962| [CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
4963| [CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
4964| [CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
4965| [CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
4966| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
4967| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
4968| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
4969| [CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
4970| [CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
4971| [CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
4972| [CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
4973| [CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
4974| [CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
4975| [CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
4976| [CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
4977| [CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
4978| [CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
4979| [CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
4980| [CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
4981| [CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
| [CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
| [CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
| [CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
| [CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
| [CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
| [CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
| [CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
| [CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
| [CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
| [CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
| [CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
| [CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
| [CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
| [CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
| [CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
| [CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
| [CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
| [CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
| [CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
| [CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
| [CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
| [CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
| [CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
| [CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
| [CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
| [CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
| [CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
| [CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
| [CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
| [CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
| [CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
| [CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
| [CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
| [CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
| [CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
| [CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
| [CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
| [CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
| [CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
| [CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
| [CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
| [CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
| [CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
| [CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
| [CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
| [CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
| [CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
| [CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
| [CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
| [CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
| [CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
| [CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
| [CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
| [CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
| [CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
| [CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
| [CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
| [CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
| [CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
| [CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
| [CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
| [CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
| [CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
| [CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
| [CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
| [CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
| [CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
| [CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
| [CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
| [CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
| [CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
| [CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
| [CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
| [CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
| [CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
| [CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
| [CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
| [CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
| [CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
| [CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
| [CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
| [CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
| [CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
| [CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
| [CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
| [CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
| [CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
| [CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
| [CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
| [CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
| [CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
| [CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
| [CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
| [CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
| [CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
| [CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
5088| [CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
5089| [CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
| [CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
| [CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
| [CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
| [CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
| [CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
| [CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
| [CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
| [CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
| [CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
| [CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
| [CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
| [CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
| [CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
| [CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
| [CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
| [CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
| [CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
| [CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
| [CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
| [CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
| [CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
| [CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
| [CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
| [CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
| [CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
| [CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
| [CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
| [CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
| [CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
| [CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
| [CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
| [CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
| [CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
| [CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
| [CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
| [CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
| [CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
| [CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
| [CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
| [CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
| [CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
| [CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
| [CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
| [CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
| [CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
| [CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
| [CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
| [CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
| [CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
| [CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
| [CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
| [CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
| [CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
| [CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
| [CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
| [CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
| [CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
| [CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
| [CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
| [CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
| [CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
| [CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
| [CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
| [CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
| [CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
| [CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
| [CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
| [CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
| [CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
| [CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
| [CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
| [CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
| [CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
| [CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
| [CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
| [CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
| [CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
| [CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
| [CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
| [CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
| [CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
5180| [CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
5181| [CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
5182| [CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
5183| [CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
5184| [CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
5185| [CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
5186| [CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
5187| [CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
5188| [CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
5189| [CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3
5190| [CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
5191| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
5192| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
5193| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
5194| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
5195| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
5196| [CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
5197| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
5198| [CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
5199| [CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
5200| [CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
5201| [CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1
5202| [CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
5203| [CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
5204| [CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
5205| [CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
5206| [CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
5207| [CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
5208| [CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
5209| [CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
5210| [CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
5211| [CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
5212| [CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
5213| [CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
5214| [CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
5215| [CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
5216| [CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
5217| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
5218| [CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
5219| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
5220| [CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
5221| [CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
5222| [CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
5223| [CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
5224| [CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
5225| [CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
5226| [CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
5227| [CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
5228| [CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2
5229| [CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
5230| [CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
5231| [CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
5232| [CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
5233| [CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
5234| [CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
5235| [CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
5236| [CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
5237| [CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
5238| [CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
5239| [CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
5240| [CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
5241| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
5242| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
5243| [CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1
5244| [CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
5245| [CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
5246| [CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2
5247| [CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
5248| [CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
5249| [CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
5250| [CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
5251| [CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
5252| [CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
5253| [CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
5254| [CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
5255| [CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
5256| [CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
5257| [CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
5258| [CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
5259| [CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
5260| [CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
5261| [CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
5262| [CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
5263| [CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
5264| [CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
5265| [CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
5266| [CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
5267| [CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
5268| [CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
5269| [CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
5270| [CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
5271| [CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
5272| [CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
5273| [CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
5274| [CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
5275| [CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
5276| [CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
5277| [CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
5278| [CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
5279| [CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
5280| [CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
5281| [CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
5282| [CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
5283| [CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
5284| [CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
5285| [CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
5286| [CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
5287| [CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
5288| [CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
5289| [CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
5290| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
5291| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
5292| [CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
5293| [CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
5294| [CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
5295| [CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
5296| [CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
5297| [CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
5298| [CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
5299| [CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
5300| [CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
5301| [CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
5302| [CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
5303| [CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
5304| [CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
5305| [CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
5306| [CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
5307| [CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
5308| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
5309| [CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
5310| [CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
5311| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
5312| [CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
5313| [CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
5314| [CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
5315| [CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
5316| [CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
5317| [CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
5318| [CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
5319| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
5320| [CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
5321| [CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
5322| [CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3
5323| [CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
5324| [CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
5325| [CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
5326| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
5327| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
5328| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
5329| [CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
5330| [CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
5331| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
5332| [CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
5333| [CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
5334| [CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
5335| [CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
5336| [CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
5337| [CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
5338| [CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
5339| [CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
5340| [CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
5341| [CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
5342| [CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."
5343| [CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
5344| [CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
5345| [CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
| [CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
| [CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
| [CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
| [CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
| [CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
| [CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
| [CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
| [CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
| [CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
| [CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
| [CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
| [CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
| [CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
| [CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
| [CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
| [CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
| [CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
| [CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
| [CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
| [CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
| [CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
| [CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
| [CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
| [CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
| [CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
| [CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
| [CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
| [CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
| [CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
| [CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
| [CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
| [CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
| [CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
| [CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
| [CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
| [CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
| [CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
| [CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
| [CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
| [CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
| [CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
| [CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
| [CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
| [CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
| [CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
| [CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
| [CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
| [CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
| [CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
| [CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
| [CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
| [CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
| [CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
| [CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
| [CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
| [CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
| [CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
| [CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
| [CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
| [CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
| [CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
| [CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
| [CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
| [CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
| [CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
| [CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
| [CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
| [CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
| [CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
| [CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
| [CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
| [CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
| [CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
| [CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
| [CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
| [CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
| [CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
| [CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
| [CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
| [CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
| [CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
| [CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
| [CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
| [CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
| [CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
| [CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
| [CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
| [CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
| [CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
5452| [CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
5453| [CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
5454| [CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
5455| [CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
5456| [CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
5457| [CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
5458| [CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
5459| [CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
5460| [CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
5461| [CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
5462| [CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
5463| [CVE-2007-2966] Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
5464| [CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
5465| [CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
5466| [CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
5467| [CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
5468| [CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
5469| [CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
5470| [CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
5471| [CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
5472| [CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
5473| [CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
5474| [CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
5475| [CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
5476| [CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
5477| [CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
5478| [CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
5479| [CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
5480| [CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
5481| [CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
5482| [CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
5483| [CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
5484| [CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
5485| [CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
5486| [CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
5487| [CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
5488| [CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
5489| [CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
5490| [CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
5491| [CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
5492| [CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
5493| [CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
5494| [CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
5495| [CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
5496| [CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
5497| [CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
5498| [CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
5499| [CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
5500| [CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
5501| [CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
5502| [CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
5503| [CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
5504| [CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
5505| [CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
5506| [CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
5507| [CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
5508| [CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
5509| [CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
5510| [CVE-2007-0913] Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
5511| [CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
5512| [CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
5513| [CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
5514| [CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
5515| [CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
5516| [CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
5517| [CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
5518| [CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
5519| [CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
5520| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
5521| [CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
5522| [CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
5523| [CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
5524| [CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
5525| [CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
5526| [CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
5527| [CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
5528| [CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
5529| [CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
5530| [CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
5531| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
5532| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
5533| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
5534| [CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
5535| [CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
5536| [CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
5537| [CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
5538| [CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
5539| [CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
5540| [CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
5541| [CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
5542| [CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
5543| [CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
5544| [CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
5545| [CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
5546| [CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
5547| [CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
5548| [CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
5549| [CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
5550| [CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
5551| [CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
5552| [CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
5553| [CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
5554| [CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
5555| [CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
5556| [CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
5557| [CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
5558| [CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
5559| [CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
5560| [CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
5561| [CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
5562| [CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
5563| [CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
5564| [CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
5565| [CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
5566| [CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
5567| [CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
5568| [CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
5569| [CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
5570| [CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
5571| [CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
5572| [CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
5573| [CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
5574| [CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
5575| [CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
5576| [CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
5577| [CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
5578| [CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
5579| [CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
5580| [CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
5581| [CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
5582| [CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
5583| [CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
5584| [CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
5585| [CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
5586| [CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
5587| [CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
5588| [CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
5589| [CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
5590| [CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
5591| [CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
5592| [CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
5593| [CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
5594| [CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
5595| [CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
5596| [CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
5597| [CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
5598| [CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
5599| [CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
5600| [CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
5601| [CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
5602| [CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
5603| [CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
5604| [CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
5605| [CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
5606| [CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
5607| [CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
5608| [CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
5609| [CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
5610| [CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
5611| [CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
5612| [CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
5613| [CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
5614| [CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
5615| [CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
5616| [CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
5617| [CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
5618| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
5619| [CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
5620| [CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
5621| [CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
5622| [CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
5623| [CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
5624| [CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
5625| [CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
5626| [CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
5627| [CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
5628| [CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
5629| [CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
5630| [CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
5631| [CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
5632| [CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
5633| [CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
5634| [CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
5635| [CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
5636| [CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
5637| [CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
5638| [CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
5639| [CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
5640| [CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
5641| [CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
5642| [CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
5643| [CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
5644| [CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
5645| [CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
5646| [CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
5647| [CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
5648| [CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
5649| [CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
5650| [CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
5651| [CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
5652| [CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
5653| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
5654| [CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
5655| [CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
5656| [CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
5657| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
5658| [CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
5659| [CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
5660| [CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
5661| [CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
5662| [CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
5663| [CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
5664| [CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
5665| [CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
5666| [CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
5667| [CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
5668| [CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
5669| [CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
5670| [CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
5671| [CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
5672| [CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
5673| [CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
5674| [CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
5675| [CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
5676| [CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
5677| [CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
5678| [CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
5679| [CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
5680| [CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
5681| [CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
5682| [CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
5683| [CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
5684| [CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
5685| [CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
5686| [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
5687| [CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
5688| [CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
5689| [CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
5690| [CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
5691| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
5692| [CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
5693| [CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
5694| [CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
5695| [CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
5696| [CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
5697| [CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
5698| [CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
5699| [CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
5700| [CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
5701| [CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
5702| [CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
5703| [CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
5704| [CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
5705| [CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
5706| [CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
5707| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
5708| [CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
5709| [CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
5710| [CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
5711| [CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
5712| [CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
5713| [CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
5714| [CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
5715| [CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
5716| [CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
5717| [CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
5718| [CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
5719| [CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
5720| [CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
5721| [CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
5722| [CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
5723| [CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
5724| [CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
5725| [CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
5726| [CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
5727| [CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
5728| [CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
5729| [CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to elevate privileges or execute arbitrary code via a crafted message.
5730| [CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
5731| [CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
5732| [CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
5733| [CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
5734| [CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
5735| [CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
5736| [CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
5737| [CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
5738| [CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
5739| [CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
5740| [CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
| [CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
| [CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
| [CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
| [CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
| [CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
| [CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
| [CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
| [CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
| [CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
| [CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
| [CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
| [CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
| [CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
| [CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
| [CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
| [CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
| [CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
| [CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
| [CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
| [CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
| [CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
| [CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
| [CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
| [CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
| [CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
| [CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
| [CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
| [CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
| [CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
| [CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
| [CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
| [CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
| [CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
| [CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
| [CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
| [CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
| [CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
| [CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
| [CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
| [CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.
| [CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
| [CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
| [CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
| [CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
| [CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
| [CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
| [CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
| [CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
| [CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
| [CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
| [CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
| [CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
| [CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
| [CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
| [CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
| [CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
| [CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
| [CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
| [CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
| [CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
| [CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
| [CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
| [CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
| [CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
| [CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
| [CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
| [CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
| [CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
| [CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
| [CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
| [CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
| [CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
| [CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
| [CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
| [CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
| [CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
| [CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
| [CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
| [CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
| [CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
| [CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
| [CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.
| [CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
| [CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
| [CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
| [CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
| [CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
| [CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
| [CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
| [CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
| [CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
| [CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
| [CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
| [CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
| [CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
| [CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
| [CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
| [CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
| [CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
| [CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
| [CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
| [CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
| [CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
| [CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
| [CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
| [CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
| [CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
| [CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
| [CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
| [CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
| [CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
| [CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
| [CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
| [CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
| [CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
| [CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
| [CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
| [CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
| [CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
| [CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
| [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
5867| [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
5868| [CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
5869| [CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
5870| [CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
5871| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
5872| [CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
5873| [CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
5874| [CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
5875| [CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
5876| [CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
5877| [CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
5878| [CVE-2001-1533] ** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
5879| [CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
5880| [CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
5881| [CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
5882| [CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
5883| [CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
5884| [CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
5885| [CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
5886| [CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
5887| [CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
5888| [CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
5889| [CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
5890| [CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
5891| [CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
5892| [CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
5893| [CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activites such as mail relaying.
5894| [CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
5895| [CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
5896| [CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
5897| [CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
5898| [CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
5899| [CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
5900| [CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
5901| [CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
5902| [CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
5903| [CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
5904| [CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
5905| [CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
5906| [CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
5907| [CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
5908| [CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
5909| [CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
5910| [CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
5911| [CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
5912| [CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
5913| [CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
5914| [CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
5915| [CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
5916| [CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
5917| [CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
5918| [CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
5919| [CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
5920| [CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
5921| [CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
5922| [CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
5923| [CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
5924| [CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
5925| [CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
5926| [CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
5927| [CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
5928| [CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
5929| [CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
5930| [CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
5931| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
5932| [CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
5933| [CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
5934| [CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
5935| [CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
5936| [CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
5937| [CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
5938| [CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
5939| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
5940| [CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
5941| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
5942| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
5943| [CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
5944| [CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
5945| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
5946| [CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
5947| [CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
5948| [CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
5949| [CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
5950| [CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
5951| [CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
5952| [CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
5953| [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
5954| [CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
5955| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
5956| [CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
5957| [CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
5958| [CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
5959| [CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
5960| [CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
5961| [CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
5962| [CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
5963| [CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
5964| [CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
5965| [CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
5966| [CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
5967| [CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
5968| [CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
5969| [CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
5970| [CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
5971| [CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
5972| [CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
5973| [CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
5974| [CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
5975| [CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
5976| [CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
5977| [CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
5978| [CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
5979| [CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
5980| [CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
5981| [CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
5982| [CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
5983| [CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
5984| [CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
5985| [CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
5986| [CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
5987| [CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
5988| [CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
5989| [CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
5990| [CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
5991| [CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
5992| [CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
5993| [CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
5994| [CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
5995| [CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
5996| [CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
5997| [CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
5998| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
5999| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
6000| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
6001| [CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
6002| [CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
6003| [CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
6004| [CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
6005| [CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
6006| [CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
6007| [CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
6008| [CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
6009| [CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
6010| [CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
6011| [CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
6012| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
6013| [CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
6014| [CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
6015| [CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
6016| [CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
6017| [CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
6018| [CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
6019| [CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
6020| [CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
6021| [CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
6022| [CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
6023| [CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
6024| [CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
6025| [CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
6026| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
6027| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
6028| [CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
6029| [CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
6030| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
6031| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
6032| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
6033| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
6034| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
6035| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
6036| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
6037| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
6038| [CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
6039| [CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
6040| [CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
6041| [CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
6042| [CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
6043| [CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
6044| [CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
6045| [CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
6046| [CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
6047| [CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
6048| [CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchange, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
6049| [CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
6050| [CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash or hyphen) characters.
6051| [CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
6052| [CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
6053| [CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
6054| [CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
6055| [CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
| [CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
| [CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
| [CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
| [CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
| [CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
| [CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
| [CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
| [CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
| [CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
| [CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
|
| SecurityFocus - https://www.securityfocus.com/bid/:
| [83154] Microsoft Windows 2000 Server CVE-2004-0540 Remote Security Vulnerability
| [45297] Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
| [43419] Microsoft Excel 2002 Memory Corruption Vulnerability
| [43189] Microsoft Visual C++ 2008 Redistributable Package DLL Loading Arbitrary Code Execution Vulnerability
| [42742] Microsoft PowerPoint 2007 Multiple DLL Loading Arbitrary Code Execution Vulnerability
| [42695] Microsoft Groove 2007 'mso.dll' DLL Loading Arbitrary Code Execution Vulnerability
| [42681] Microsoft Visio 2003 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
| [41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
| [39776] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
| [37196] RETIRED: Microsoft December 2009 Advance Notification Multiple Vulnerabilities
| [36940] RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
| [36633] RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
| [36239] RETIRED: Microsoft September 2009 Advance Notification Multiple Vulnerabilities
| [35974] RETIRED: Microsoft August 2009 Advance Notification Multiple Vulnerabilities
| [35617] RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
| [35213] RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
| [34867] RETIRED: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
| [34532] Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
| [34469] Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
| [34450] RETIRED: Microsoft April 2009 Advance Notification Multiple Vulnerabilities
| [34005] RETIRED: Microsoft March 2009 Advance Notification Multiple Vulnerabilities
| [33639] RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
| [33170] RETIRED: Microsoft January 2009 Advance Notification Multiple Vulnerabilities
| [32632] RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
| [32153] Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
| [31667] Retired: Microsoft October 2008 Advance Notification Multiple Vulnerabilities
| [31129] RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
| [31014] RETIRED: Microsoft September 2008 Advance Notification Multiple Vulnerabilities
| [30593] RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
| [30075] RETIRED: Microsoft July 2008 Advance Notification Multiple Vulnerabilities
| [29576] RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
| [29108] RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
| [28598] RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
| [28124] Retired: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
| [27674] RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
| [27119] RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
| [26739] RETIRED: Microsoft December 2007 Advance Notification Multiple Vulnerabilities
| [26414] Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
| [26380] Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
| [25991] RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
| [25922] RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
| [25573] RETIRED: Microsoft September 2007 Advance Notification Multiple Vulnerabilities
| [25247] Retired: Microsoft August 2007 Advance Notification Multiple Vulnerabilities
| [24771] Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
| [24366] RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
| [24118] Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
| [23800] RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
| [23380] Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
| [23335] RETIRED: Microsoft April 2007 Advance Notification Multiple Vulnerabilities
| [22716] Microsoft Office 2003 Denial of Service Vulnerability
| [22567] Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
| [22328] RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
| [22225] Microsoft Word 2000 Malformed Function Code Execution Vulnerability
| [21611] Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
| [21495] Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
| [20843] Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
| [19636] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
| [19388] Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
| [17134] Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
| [16634] Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
| [14772] Microsoft Exchange Server 2003 Exchange Information Store Denial Of Service Vulnerability
| [14093] Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
| [13564] Microsoft SQL Server 2000 Multiple Vulnerabilities
| [13008] Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability
| [12972] Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed
| [12913] Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
| [12824] Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
| [12641] Microsoft Windows 2000 Group Policy Bypass Vulnerability
| [12141] Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
| [11820] Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
| [11446] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
| [11387] Microsoft Windows 2003 Services Default SACL Access Right Weakness
| [10901] Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability
| [10693] Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
| [10484] Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability
| [10480] Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability
| [10440] Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness
| [10369] Microsoft Outlook 2003 Media File Script Execution Vulnerability
| [10307] Microsoft Outlook 2003 Predictable File Location Weakness
| [10114] Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
| [9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
| [9408] Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
| [9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
| [8833] Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
| [8522] Multiple Microsoft Windows 2003 Stack Protection Implementation Weaknesses
| [8397] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
| [8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
| [8098] Microsoft Windows 2000 Terminal Services Named Pipe System Account Access Vulnerability
| [8093] Microsoft Windows 2000 Active Directory Forest Origin Validation Vulnerability
| [8090] Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability
| [8089] Microsoft Windows 2000 Unspecified Cryptnet.DLL Memory Leakage Vulnerability
| [8086] Microsoft Windows 2000 Port Name Buffers Potential Buffer Overflow Vulnerability
| [8085] Microsoft Windows 2000 ModifyDN Request Denial of Service Vulnerability
| [8083] Microsoft Windows 2000 Domain Controller Spoofing Vulnerability
| [8081] Microsoft Windows 2000 USBH_IoctlGetNodeConnectionDriverKeyName Information Disclosure Vulnerability
| [8063] Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
| [8045] Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
| [7930] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
| [7788] Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability
| [7469] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
| [7360] Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
| [7102] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
| [6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
| [6766] Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
| [6667] Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability
| [6319] Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability
| [6030] Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
| [5972] Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
| [5922] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
| [5480] Microsoft Windows 2000 Network Connection Manager Privilege Elevation Vulnerability
| [5422] Microsoft Content Management Server 2001 SQL Injection Vulnerability
| [5421] Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
| [5420] Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
| [5415] Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
| [5413] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
| [5412] Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
| [5312] Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
| [5311] Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
| [5310] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
| [5309] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
| [5307] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
| [5253] Microsoft Windows 2000 Narrator Password Disclosure Vulnerability
| [5205] Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
| [5111] Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability
| [5014] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
| [4881] Microsoft Exchange 2000 Malformed Mail Attribute DoS Vulnerability
| [4853] Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability
| [4852] Microsoft Windows 2000 Remote Access Service Buffer Overflow Vulnerability
| [4847] Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
| [4797] Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
| [4683] Microsoft Windows 2000 / NT Path Precedence Vulnerability
| [4532] Microsoft Windows 2000 Lanman Denial of Service Vulnerability
| [4438] Microsoft Windows 2000 Group Policy Evasion Vulnerability
| [4426] Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability
| [4287] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
| [4256] Microsoft Windows 2000 Password Policy Bypass Vulnerability
| [4157] Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability
| [4095] Microsoft Windows 2000 Server Terminal Services Failure To Lock Terminal Vulnerability
| [3652] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
| [3481] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
| [3479] Microsoft Windows 2000 NTFS With Macintosh Client Directory Permission Vulnerability
| [3445] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
| [3339] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
| [3305] Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability
| [3291] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
| [3215] Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability
| [3185] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
| [3184] Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability
| [3146] Microsoft Windows 2000 System File Replacement Vulnerability
| [3115] Microsoft Windows NT and 2000 Command Prompt Reboot Vulnerability
| [3063] Microsoft Windows 2000 Unauthorized Password Change Vulnerability
| [3033] Microsoft Windows 2000 Task Manager Process Termination Vulnerability
| [2988] Microsoft Windows 2000 SMTP Improper Authentication Vulnerability
| [2929] Microsoft Windows 2000 LDAP SSL Password Modification Vulnerability
| [2849] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
| [2846] Microsoft Windows 2000 Telnet System Call DoS Vulnerability
| [2844] Microsoft Windows 2000 Telnet Service DoS Vulnerability
| [2843] Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability
| [2838] Microsoft Windows 2000 Telnet Username DoS Vulnerability
| [2460] Microsoft Windows 2000 Event Viewer Buffer Overflow Vulnerability
| [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
| [2394] Microsoft Windows 2000 Domain Controller DoS Vulnerability
| [2341] Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
| [2326] Microsoft Windows 2000 RDP DoS Vulnerability
| [2133] Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability
| [2066] Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability
| [2018] Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
| [2007] Microsoft Windows 2000 DNS Memory Leak Vulnerability
| [1973] Microsoft Windows 2000 Domain Account Lockout Bypass Vulnerability
| [1958] Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
| [1933] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
| [1899] Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability
| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
| [1758] Microsoft Windows 2000 Unattended Install OEMPreinstall Vulnerability
| [1753] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
| [1748] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
| [1745] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
| [1729] Microsoft Windows 2000 Simplified Chinese IME Vulnerability
| [1695] Microsoft Proxy 2.0 FTP Permissions Bypass Vulnerability
| [1692] Microsoft Proxy 2.0 Internal Network Access Vulnerability
| [1683] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
| [1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
| [1651] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
| [1632] Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
| [1620] Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability
| [1613] Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
| [1566] Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability
| [1561] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow Vulnerability
| [1535] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
| [1507] Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability
| [1451] Microsoft Excel 97 / 2000 Register.ID Vulnerability
| [1435] Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability
| [1415] Microsoft Windows 2000 Remote CPU-overload Vulnerability
| [1414] Microsoft Windows 2000 Telnet Server DoS Vulnerability
| [1399] Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
| [1398] Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
| [1350] Microsoft Windows 2000 Windows Station Access Vulnerability
| [1304] Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
| [1301] Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
| [1295] Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
| [1198] Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability
| [1197] Microsoft Office 2000 UA Control Vulnerability
| [990] Microsoft Windows 2000 Install Unprotected ADMIN$ Share Vulnerability
| [945] Microsoft SMS 2.0 Default Permissions Vulnerability
| [539] Microsoft Windows 2000 EFS Vulnerability
| [180] Microsoft Windows April Fools 2001 Vulnerability
| [71487] Microsoft December 2014 Advance Notification Multiple Vulnerabilities
| [70966] RETIRED: Microsoft November 2014 Advance Notification Multiple Vulnerabilities
| [70367] RETIRED: Microsoft October 2014 Advance Notification Multiple Vulnerabilities
| [69636] RETIRED: Microsoft September 2014 Advance Notification Multiple Vulnerabilities
| [69108] Microsoft August 2014 Advance Notification Multiple Vulnerabilities
| [68367] Microsoft July 2014 Advance Notification Multiple Vulnerabilities
| [67905] Microsoft June 2014 Advance Notification Multiple Vulnerabilities
| [67298] Microsoft May 2014 Advance Notification Multiple Vulnerabilities
| [66639] RETIRED: Microsoft April 2014 Advance Notification Multiple Vulnerabilities
| [66016] Microsoft March 2014 Notification Multiple Vulnerabilities
| [65426] Microsoft February 2014 Notification Multiple Vulnerabilities
| [64757] RETIRED: Microsoft January 2014 Advance Notification Multiple Vulnerabilities
| [64083] RETIRED: Microsoft December 2013 Advance Notification Multiple Vulnerabilities
| [63604] RETIRED: Microsoft November 2013 Advance Notification Multiple Vulnerabilities
| [62797] RETIRED: Microsoft October 2013 Advance Notification Multiple Vulnerabilities
| [62228] RETIRED: Microsoft September 2013 Advance Notification Multiple Vulnerabilities
| [62181] Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability
| [61686] Microsoft August 2013 Advance Notification Multiple Vulnerabilities
| [60960] RETIRED: Microsoft July 2013 Advance Notification Multiple Vulnerabilities
| [60394] Microsoft June 2013 Advance Notification Multiple Vulnerabilities
| [59785] RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities
| [58881] RETIRED: Microsoft April 2013 Advance Notification Multiple Vulnerabilities
| [58380] RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities
| [57846] RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities
| [57137] RETIRED: Microsoft January 2013 Advance Notification Multiple Vulnerabilities
| [56838] RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities
| [56450] RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
| [56304] Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
| [55794] RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities
| [55472] RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities
| [54944] RETIRED: Microsoft August 2012 Advance Notification Multiple Vulnerabilities
| [54318] RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities
| [53862] RETIRED: Microsoft June 2012 Advance Notification Multiple Vulnerabilities
| [53372] RETIRED: Microsoft May 2012 Advance Notification Multiple Vulnerabilities
| [52910] RETIRED: Microsoft April 2012 Advance Notification Multiple Vulnerabilities
| [52366] RETIRED: Microsoft March 2012 Advance Notification Multiple Vulnerabilities
| [51944] RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities
| [51289] RETIRED: Microsoft January 2012 Advance Notification Multiple Vulnerabilities
| [50980] RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities
| [50513] RETIRED: Microsoft November 2011 Advance Notification Multiple Vulnerabilities
| [49994] RETIRED: Microsoft October 2011 Advance Notification Multiple Vulnerabilities
| [49515] RETIRED: Microsoft September 2011 Advance Notification Multiple Vulnerabilities
| [49017] RETIRED: Microsoft August 2011 Advance Notification Multiple Vulnerabilities
| [48616] RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities
| [48235] Microsoft Lync Server 2010 'ReachJoin.aspx' Remote Command Injection Vulnerability
| [48193] RETIRED: Microsoft June 2011 Advance Notification Multiple Vulnerabilities
| [47725] RETIRED: Microsoft May 2011 Advance Notification Multiple Vulnerabilities
| [47255] RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities
| [46675] RETIRED: Microsoft March 2011 Advance Notification Multiple Vulnerabilities
| [46132] RETIRED: Microsoft February 2011 Advance Notification Multiple Vulnerabilities
| [45696] RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities
| [45307] RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities
| [44649] RETIRED: Microsoft November 2010 Advance Notification Multiple Vulnerabilities
| [43831] RETIRED: Microsoft October 2010 Advance Notification Multiple Vulnerabilities
| [43115] RETIRED: Microsoft September 2010 Advance Notification Multiple Vulnerabilities
| [42234] RETIRED: Microsoft August 2010 Advance Notification Multiple Vulnerabilities
| [41474] RETIRED: Microsoft July 2010 Advance Notification Multiple Vulnerabilities
| [40548] RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities
| [39961] RETIRED: Microsoft May 2010 Advance Notification Multiple Vulnerabilities
| [39313] RETIRED: Microsoft April 2010 Advance Notification Multiple Vulnerabilities
| [38540] RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
| [38096] RETIRED: Microsoft February 2010 Advance Notification Multiple Vulnerabilities
| [37887] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
| [37664] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
| [32642] Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
| [82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
| [82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
| [81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
| [81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
| [81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
| [77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
| [75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
| [75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
| [75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
| [75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
| [75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
| [71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
| [71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
| [70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
| [70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
| [67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
| [67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
| [66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
| [66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
| [66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
| [66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
| [66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
| [66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
| [66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
| [66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
| [65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
| [65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
| [63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution
| [63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution
| [63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution
| [63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
| [63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
| [62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
| [62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
| [62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
| [53980] Microsoft Windows 2000 License Logging Server buffer overflow
| [53601] Microsoft Office 2008 for Mac user ID 502 security bypass
| [50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
| [50759] Microsoft Windows 2000 Active Directory LDAP code execution
| [48595] Microsoft Word 2007 Email as PDF information disclosure
| [46102] Microsoft Windows 2003 SP2 is not installed on the system
| [46101] Microsoft Windows 2003 SP1 is not installed on the system
| [45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow
| [37200] Microsoft SQL Server 2000 Service Pack 1 update is not installed
| [37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed
| [34634] Microsoft Windows Server 2003 Active Directory information disclosure
| [34599] Microsoft Windows Server 2003 terminal server security bypass
| [34473] Microsoft Office 2000 ActiveX control buffer overflow
| [33713] Microsoft Word 2007 multiple unspecified denial of service
| [33712] Microsoft Word 2007 wwlib.dll buffer overflow
| [32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed
| [31821] Microsoft Windows time zone update for year 2007
| [31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow
| [30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure
| [29546] Microsoft Windows 2000/2003 user logoff initiated
| [29545] Microsoft Windows 2000/2003 system time changed
| [29544] Microsoft Windows 2000/2003 system security access removed
| [29543] Microsoft Windows 2000/2003 security access granted
| [29542] Microsoft Windows 2000/2003 SAM notification package loaded
| [29541] Microsoft Windows 2000/2003 primary security token issued
| [29540] Microsoft Windows 2000/2003 user password reset successful
| [29539] Microsoft Windows 2000/2003 object indirectly accessed
| [29538] Microsoft Windows 2000/2003 object handle duplicated
| [29537] Microsoft Windows 2000/2003 logon with explicit credentials success
| [29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
| [29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
| [29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
| [29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
| [29532] Microsoft Windows 2000/2003 IKE security association established
| [29531] Microsoft Windows 2000/2003 IKE quick mode association ended
| [29530] Microsoft Windows 2000/2003 IKE main mode association ended
| [29529] Microsoft Windows 2000/2003 IKE association negotiation failed
| [29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
| [29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
| [29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
| [29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
| [29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
| [29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
| [29522] Microsoft Windows 2000/2003 administrative group security descriptor set
| [29521] Microsoft Windows 2000/2003 account name changed
| [29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service
| [28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
| [28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
| [26118] Microsoft Office 2003 mailto: information disclosure
| [25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass
| [24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
| [24473] Microsoft Windows 2000 event ID 565 not logged
| [24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
| [24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
| [24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
| [24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
| [24402] Microsoft Windows 2000 Terminal Service client IP not logged
| [24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
| [23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
| [22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed
| [22183] Microsoft Exchange Server 2003 public folder denial of service
| [21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
| [21315] Microsoft Outlook 2002 connector for Domino bypass restrictions
| [19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
| [19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
| [19727] Microsoft Windows 2000 GDI32.DLL denial of service
| [19629] Microsoft Exchange Server 2003 folder denial of service
| [17826] Microsoft Outlook 2003 CID security bypass
| [17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
| [17621] Microsoft Windows 2003 SMTP service code execution
| [17560] Microsoft Windows 2000 and XP GDI library denial of service
| [17521] Microsoft Windows 2000 Service Pack 4 is not installed
| [16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
| [16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
| [16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
| [16907] Microsoft Windows 2003 users with Create global objects privilege
| [16905] Microsoft Windows 2003 users or groups with Create global objects privilege
| [16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
| [16704] Microsoft Windows 2000 Media Player control code execution
| [16582] Microsoft Windows Server 2003 kernel CPU denial of service
| [16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
| [16570] Microsoft Windows 2003 Users with Create global objects privilege
6459| [16564] Microsoft Windows 2003 Groups with Create global objects privilege
| [16562] Microsoft Windows 2003 Groups with "
| [16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
| [16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
| [16520] Microsoft Windows 2003 Create global objects privilege
| [16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
| [16173] Microsoft Outlook 2003 OLE object bypass restricted security zone
| [16119] Microsoft Outlook 2000 URL spoofing
| [16104] Microsoft Outlook 2003 predictable file location could allow code execution
| [16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
| [15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
| [15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
| [15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
| [15414] Microsoft Outlook 2002 mailto URL allows execution of code
| [15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
| [15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
| [15038] Microsoft Windows 2000 Server Windows Media Services denial of service
| [15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
| [14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed
| [14167] Microsoft ISA Server 2000 H.323 filter buffer overflow
| [13426] Microsoft Windows 2000 and XP RPC race condition
| [13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
| [13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
| [13385] Microsoft Windows Server 2003 "
| [13211] Microsoft Windows 2000 and XP URG memory leak
| [13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
| [13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
| [12684] Microsoft Exchange Server OWA Outlook 2003 denial of service
| [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
| [12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
| [12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
| [12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
| [12489] Microsoft Windows 2000 Server Active Directory buffer overflow
| [12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
| [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
| [12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
| [11901] Microsoft BizTalk Server 2002 SQL injection
| [11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow
| [11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
| [11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
| [11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
| [11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
| [11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
| [11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
| [11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
| [11216] Microsoft Windows NT and 2000 command prompt denial of service
| [11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
| [11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails
| [10843] Microsoft Windows 2000 and XP SMB signing group policy modification
| [10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
| [10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
| [10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
| [10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
| [10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow
| [10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service
| [9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
| [9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
| [9779] Microsoft Windows 2000 weak system partition permissions
| [9752] Microsoft Windows 2000 Service Pack 3 is not installed
| [9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
| [9625] Microsoft Windows 2000 Narrator allows login information to be audible
| [9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank "
| [8867] Microsoft Windows 2000 LanMan denial of service
| [8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
| [8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
| [8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
| [8739] Microsoft Windows 2000 DCOM memory leak
| [8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail
| [8402] Microsoft Windows 2000 allows an attacker to bypass password policy
| [8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
| [8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges
| [8254] Microsoft Commerce Server 2000 AuthFilter ISAPI filter buffer overflow
| [8199] Microsoft Windows 2000 Terminal Services unlocked client
| [8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow
| [8092] Microsoft Exchange 2000 System Attendant sets incorrect registry permissions
| [8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden
| [8037] Microsoft Windows 2000 empty TCP packet denial of service
| [8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain
| [7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files
| [7667] Microsoft Windows 2000 IKE UDP packet flood denial of service
| [7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file
| [7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses
| [7533] Microsoft Windows 2000 RunAs service denial of service
| [7532] Microsoft Windows 2000 RunAs service allows local attacker to bypass pipe authentication
| [7531] Microsoft Windows 2000 RunAs service reveals sensitive information
| [7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service
| [7409] Microsoft Windows 2000 and Windows XP GDI denial of service
| [7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service
| [7008] Microsoft Windows 2000 IrDA device denial of service
| [6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service
| [6931] Microsoft Windows 2000 without Service Pack 2
| [6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process
| [6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service
| [6876] Microsoft Windows 2000 could allow an attacker to change network passwords
| [6803] Microsoft Windows 2000 SMTP service allows mail relaying
| [6745] Microsoft Windows 2000 LDAP function could allow domain user password change
| [6669] Microsoft Windows 2000 Telnet system call denial of service
| [6668] Microsoft Windows 2000 Telnet handle leak denial of service
| [6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service
| [6666] Microsoft Windows 2000 Telnet username denial of service
| [6665] Microsoft Windows 2000 Telnet service weak domain authentication
| [6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges
| [6652] Microsoft Exchange 2000 OWA script execution
| [6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges
| [6506] Microsoft Windows 2000 Server Kerberos denial of service
| [6443] Microsoft Windows 2000 catalog file could remove installed hotfixes
| [6160] Microsoft Windows 2000 event viewer buffer overflow
| [6136] Microsoft Windows 2000 domain controller denial of service
| [6035] Microsoft Windows 2000 Server RDP denial of service
| [5973] Microsoft Windows 2000 EFS allows local user to recover sensitive data
| [5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password
| [5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information
| [5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow
| [5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service
| [5585] Microsoft Windows 2000 brute force attack
| [5502] Microsoft Windows 2000 Indexing Services ixsso.query
| [5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow
| [5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow
| [5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition
| [5263] Microsoft Office 2000 executes .dll without users knowledge
| [5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness
| [5222] Microsoft Windows 2000 malformed RPC packet denial of service
| [5203] Microsoft Windows 2000 still image service
| [5171] Microsoft Windows 2000 Local Security Policy corruption
| [5080] Microsoft Office 2000 HTML object tag buffer overflow
| [5033] Microsoft Windows 2000 without Service Pack 1
| [5031] Microsoft Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges
| [5015] Microsoft Windows NT and 2000 executable path
| [4887] Microsoft Windows 2000 Kerberos ticket renewed
| [4886] Microsoft Windows 2000 logon session reconnected
| [4885] Microsoft Windows 2000 logon session disconnected
| [4882] Microsoft Windows 2000 Kerberos pre-authentication failed
| [4873] Microsoft Windows 2000 user account mapped for logon
| [4872] Microsoft Windows 2000 account logon failed
| [4871] Microsoft Windows 2000 account used for logon
| [4855] Microsoft Windows 2000 group type change
| [4842] Microsoft Internet Explorer and Microsoft Powerpoint 2000 ActiveX object execution
| [4841] Microsoft Internet Explorer and Microsoft Access 2000 VBA code execution
| [4823] Microsoft Windows 2000 Telnet server binary stream denial of service
| [4819] Microsoft Windows 2000 default SYSKEY configuration
| [4787] Microsoft Windows 2000 user account locked out
| [4786] Microsoft Windows 2000 computer account created
| [4785] Microsoft Windows 2000 computer account changed
| [4784] Microsoft Windows 2000 computer account deleted
| [4714] Microsoft Windows 2000 "
| [4589] Microsoft Windows 2000 protected store can be compromised by brute force attack
| [4278] Microsoft Windows 2000 unattended install does not secure All Users profile
| [4138] Microsoft Windows 2000 system file integrity feature is disabled
| [4086] Microsoft Windows 2000 may not start Jaz drives correctly
| [4085] Microsoft Windows 2000 non-Gregorial calendar error
| [4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats
| [4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML
| [4082] Microsoft Windows 2000 and Iomega parallel port drives display error
| [4080] Microsoft Windows 2000 AOL image support
| [4079] Microsoft Windows 2000 High Encryption Pack
| [3854] Microsoft Office 2000 security setting
| [1376] Microsoft Proxy 2.0 denial of service
| [66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation
| [66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation
| [66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation
| [66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation
| [66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation
| [66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation
| [66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation
| [66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation
| [66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation
| [66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation
| [66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege escalation
6823| [66394] Microsoft Windows Knowledge Base Article 2485663 update is not installed
6824| [65588] Microsoft Windows Knowledge Base Article 2489279 update is not installed
6825| [65581] Microsoft Windows Knowledge Base Article 2510030 update is not installed
6826| [65580] Microsoft Windows Knowledge Base Article 2489283 update is not installed
6827| [65575] Microsoft Windows Knowledge Base Article 2489293 update is not installed
6828| [65573] Microsoft Windows Knowledge Base Article 2494047 update is not installed
6829| [64973] Microsoft Windows Knowledge Base Article 2478960 update is not installed
6830| [64971] Microsoft Windows Knowledge Base Article 2479628 update is not installed
6831| [64927] Microsoft Windows Knowledge Base Article 2393802 update is not installed
6832| [64925] Microsoft Windows Knowledge Base Article 2451879 update is not installed
6833| [64920] Microsoft Windows Knowledge Base Article 2475792 update is not installed
6834| [64918] Microsoft Windows Knowledge Base Article 2476687 update is not installed
6835| [64916] Microsoft Windows Knowledge Base Article 2478953 update is not installed
6836| [64914] Microsoft Windows Knowledge Base Article 2482017 update is not installed
6837| [64910] Microsoft Windows Knowledge Base Article 2483185 update is not installed
6838| [64909] Microsoft Windows Knowledge Base Article 2484015 update is not installed
6839| [64907] Microsoft Windows Knowledge Base Article 2485376 update is not installed
6840| [64905] Microsoft Windows Knowledge Base Article 2489256 update is not installed
6841| [64902] Microsoft Windows Knowledge Base Article 2496930 update is not installed
6842| [64342] Microsoft Windows Knowledge Base Article 2451910 update is not installed
6843| [64339] Microsoft Windows Knowledge Base Article 2478935 update is not installed
6844| [63584] Microsoft Windows Knowledge Base Article 2424434 update is not installed
6845| [63582] Microsoft Windows Knowledge Base Article 2423089 update is not installed
6846| [63580] Microsoft Windows Knowledge Base Article 2436673 update is not installed
6847| [63571] Microsoft Windows Knowledge Base Article 2440591 update is not installed
6848| [63569] Microsoft Windows Knowledge Base Article 2385678 update is not installed
6849| [63566] Microsoft Windows Knowledge Base Article 2442962 update is not installed
6850| [63564] Microsoft Windows Knowledge Base Article 2345316 update is not installed
6851| [63562] Microsoft Windows Knowledge Base Article 2296199 update is not installed
6852| [63558] Microsoft Windows Knowledge Base Article 2416400 update is not installed
6853| [63550] Microsoft Windows Knowledge Base Article 2447961 update is not installed
6854| [63548] Microsoft Windows Knowledge Base Article 2443105 update is not installed
6855| [63546] Microsoft Windows Knowledge Base Article 2455005 update is not installed
6856| [63544] Microsoft Windows Knowledge Base Article 2292970 update is not installed
6857| [62805] Microsoft Windows Knowledge Base Article 2316074 update is not installed
6858| [62793] Microsoft Windows Knowledge Base Article 2293386 update is not installed
6859| [62789] Microsoft Windows Knowledge Base Article 2423930 update is not installed
6860| [62170] Microsoft Windows Knowledge Base Article 2296011 update is not installed
6861| [62166] Microsoft Windows Knowledge Base Article 2294255 update is not installed
6862| [62163] Microsoft Windows Knowledge Base Article 2281679 update is not installed
6863| [62154] Microsoft Windows Knowledge Base Article 2279986 update is not installed
6864| [62147] Microsoft Windows Knowledge Base Article 2160841 update is not installed
6865| [62134] Microsoft Windows Knowledge Base Article 2412048 update is not installed
6866| [62129] Microsoft Windows Knowledge Base Article 2387149 update is not installed
6867| [62126] Microsoft Windows Knowledge Base Article 2378111 update is not installed
6868| [62123] Microsoft Windows Knowledge Base Article 2360937 update is not installed
6869| [62118] Microsoft Windows Knowledge Base Article 2293211 update is not installed
6870| [62104] Microsoft Windows Knowledge Base Article 2360131 update is not installed
6871| [62098] Microsoft Windows Knowledge Base Article 2293194 update is not installed
6872| [62069] Microsoft Windows Knowledge Base Article 2418042 update is not installed
6873| [61519] Microsoft Windows Knowledge Base Article 2121546 update is not installed
6874| [61517] Microsoft Windows Knowledge Base Article 2259922 update is not installed
6875| [61514] Microsoft Windows Knowledge Base Article 2267960 update is not installed
6876| [61510] Microsoft Windows Knowledge Base Article 2315011 update is not installed
6877| [61507] Microsoft Windows Knowledge Base Article 2320113 update is not installed
6878| [61504] Microsoft Windows Knowledge Base Article 2347290 update is not installed
6879| [60736] Microsoft Windows Knowledge Base Article 2265906 update is not installed
6880| [60734] Microsoft Windows Knowledge Base Article 2269638 update is not installed
6881| [60728] Microsoft Windows Knowledge Base Article 2269707 update is not installed
6882| [60724] Microsoft Windows Knowledge Base Article 2286198 update is not installed
6883| [60713] Microsoft Windows Knowledge Base Article 2183461 update is not installed
6884| [60698] Microsoft Windows Knowledge Base Article 2160329 update is not installed
6885| [60686] Microsoft Windows Knowledge Base Article 2115168 update is not installed
6886| [60684] Microsoft Windows Knowledge Base Article 2079403 update is not installed
6887| [60680] Microsoft Windows Knowledge Base Article 2264072 update is not installed
6888| [59901] Microsoft Windows Knowledge Base Article 2229593 update is not installed
6889| [59898] Microsoft Windows Knowledge Base Article 2229593 update is not installed
6890| [58913] Microsoft Windows Knowledge Base Article 2027452 update is not installed
6891| [58891] Microsoft Windows Knowledge Base Article 2028554 update is not installed
6892| [17004] Microsoft Windows XP Service Pack 2 is not installed on the system
6893| [9187] Microsoft Passport SDK 2.1 Component Configuration Document (CCD) permission
6894| [9146] Microsoft Passport SDK 2.1 events reporting disabled
6895| [9068] Microsoft Passport SDK 2.1 registry default permission exposure
6896| [9067] Microsoft Passport SDK 2.1 default test site exposure
6897| [9066] Microsoft Passport SDK 2.1 Adventure Works Sample Site exposure
6898| [9065] Microsoft Passport SDK 2.1 Adventure Works Sample Site global.asa file default permission exposure
6899| [9064] Microsoft Passport SDK 2.1 default time window exposure
6900| [1271] Microsoft IIS version 2 installed
6901| [621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
6902|
| Exploit-DB - https://www.exploit-db.com:
| [30756] Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
| [30749] Microsoft Office 2003 Web Component Memory Access Violation Denial of Service Vulnerability
| [30636] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2)
| [30635] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1)
| [30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities
| [29664] Microsoft Office Publisher 2007 - Remote Denial of Service (DoS) Vulnerability
| [29660] Microsoft Office 2003 - Denial of Service (DoS) Vulnerability
| [29630] Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability
| [29524] Microsoft Word 2000 - Malformed Function Code Execution Vulnerability
| [28420] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
| [28357] Microsoft Windows Explorer 2000/2003/XP Drag and Drop Remote Code Execution Vulnerability
| [28227] Microsoft Windows 2000/XP Registry Access Local Denial of Service Vulnerability
| [28226] Microsoft PowerPoint 2003 PPT File Closure Memory Corruption
| [28225] Microsoft PowerPoint 2003 powerpnt.exe Unspecified Issue
| [28224] Microsoft PowerPoint 2003 mso.dll PPT Processing Unspecified Code Execution
| [28198] Microsoft Office 2000/2002 Property Code Execution Vulnerability
| [28189] Microsoft Excel 2000-2004 Style Handling and Repair Remote Code Execution Vulnerability
| [28087] Microsoft Office 2003 Embedded Shockwave Flash Object Security Bypass Weakness
| [28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
| [26690] Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability
| [26517] Microsoft Office PowerPoint 2007 - Crash PoC
| [26341] Microsoft Windows 2000/2003/XP MSDTC TIP Denial of Service Vulnerability
| [26222] Microsoft Windows 2000/2003/XP Keyboard Event Privilege Escalation Weakness
| [25384] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (2)
| [25383] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1)
| [25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
| [25085] Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability
| [25084] Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability
| [25050] Microsoft Windows 2000/2003/XP winhlp32 Phrase Heap Overflow Vulnerability
| [25049] Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability
| [24686] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
| [24277] Microsoft Windows 2000/NT 4 POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability
| [24114] Microsoft Outlook 2003Mail Client E-mail Address Verification Weakness
| [24101] Microsoft Outlook 2003 Predictable File Location Weakness
| [23989] Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability
| [23796] Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
| [23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
| [22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
| [22883] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)
| [22882] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)
| [22837] Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow
| [22782] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
| [22591] Microsoft Office Excel 2007 - WriteAV Crash PoC
| [22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection
| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
| [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
| [22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
| [22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
| [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
| [21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability
| [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
| [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
| [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
| [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
| [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
| [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
| [21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)
| [21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
| [21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
| [21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
| [21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2)
| [21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1)
| [21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2)
| [21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1)
| [21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
| [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
| [21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
| [21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
| [21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
| [20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability
| [20802] Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability
| [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
| [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
| [20481] Microsoft IIS 2.0/3.0 Appended Dot Script Source Disclosure Vulnerability
| [20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
| [20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability
| [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
| [20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
| [20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
| [20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
| [20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
| [20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
| [20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
| [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
| [20096] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability
| [20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability
| [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
| [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
| [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
| [19734] Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability
| [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
| [19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
| [19376] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability
| [19143] "Microsoft Windows ""April Fools 2001"" Vulnerability"
| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
| [18334] Microsoft Office 2003 Home/Pro 0day
| [18087] MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
| [18078] Microsoft Excel 2003 11.8335.8333 Use After Free
| [18067] Microsoft Excel 2007 SP2 Buffer Overwrite Exploit
| [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit"
| [14971] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow
| [14782] Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)
| [14746] Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)
| [14744] Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)
| [12450] Microsoft SharePoint Server 2007 XSS Vulnerability
| [10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution
| [4121] Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC
| [3973] Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit
| [3690] microsoft office word 2007 - Multiple Vulnerabilities
| [3260] Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
| [2523] Microsoft Office 2003 PPT Local Buffer Overflow PoC
| [2091] Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french)
| [2001] Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability
| [1999] Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC
| [1988] Microsoft Excel 2003 Hlink Local Buffer Overflow Exploit (italian)
| [1986] Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french)
| [1958] Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit
| [28238] Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067
| [23034] Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness
| [22850] Microsoft Office OneNote 2010 Crash PoC
| [22679] Microsoft Visio 2010 Crash PoC
| [22655] Microsoft Publisher 2013 Crash PoC
| [22621] Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability
| [22330] Microsoft Office Excel 2010 Crash PoC
| [22310] Microsoft Office Publisher 2010 Crash PoC
| [22237] Microsoft Office Picture Manager 2010 Crash PoC
| [22215] Microsoft Office Word 2010 Crash PoC
| [19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability
| [19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability
| [19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability
| [17164] Microsoft Reader <= 2.1.1.3143 NULL Byte Write
| [17163] Microsoft Reader <= 2.1.1.3143 Array Overflow
| [17162] Microsoft Reader <= 2.1.1.3143 Integer Overflow
| [17161] Microsoft Reader <= 2.1.1.3143 Heap Overflow
| [17160] Microsoft Reader <= 2.1.1.3143 Integer Overflow
| [14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
| [14723] Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
|
| SecurityTracker - https://www.securitytracker.com:
| [1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
| [1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users
| [1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
| [1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
| [1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
| [1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users
| [1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server
| [1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
| [1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
| [1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
| [1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
| [1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
| [1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
| [1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
| [1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
| [1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System
| [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
| [1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes
| [1006280] Protegrity Secure.Data for Microsoft SQL Server 2000 Contains Buffer Oveflows That Let Remote Users Execute Arbitrary Code
| [1005254] Microsoft NT, 2000, and XP Operating Systems May Execute a 16-bit Application Even When The File Has No Execute Permissions
| [1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited
| [1004587] Microsoft SQL Server 2000 Buffer Overflow in OpenDataSource() Function May Let Remote Users Gain SYSTEM Privileges on the Server
| [1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks
| [1004527] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains a Buffer Overflow That Lets Remote Users Take Full Control of the System
| [1004407] Microsoft Exchange 2000 Flaw in Processing a Certain Malformed SMTP Command Allows Remote Users to Deny Service to the Server
| [1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges
| [1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending Malformed Packets
| [1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded
| [1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges
| [1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users
| [1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress
| [1003688] Microsoft Exchange Server 2000 Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
| [1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
| [1003634] Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files
| [1003629] Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server
| [1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges
| [1003469] Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings
| [1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains
| [1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users
| [1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address
| [1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users
| [1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
| [1002729] Microsoft Windows 2000 RunAs Service Allows Local Users to Disable the Service
| [1002356] Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
| [1002206] Microsoft Internet Security and Acceleration (ISA) Server 2000 Can Be Disrupted By Remote Users Due to Memory Leaks and Also Allows Cross-Site Scripting Attacks
| [1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System
| [1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users
| [1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak
| [1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance
| [1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service
| [1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL
| [1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server
| [1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges
| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
| [1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files
| [1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users
| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
| [1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations
| [1001088] Microsoft Internet Explorer with Services for Unix 2.0 Can Create Malicious Files on the User's Host
|
| OSVDB - http://www.osvdb.org:
| [90257] Microsoft Windows Server 2003 ICACLS.EXE Permission Inheritance Weakness
| [86790] Microsoft Virtual PC 2007 Crafted x86 Instruction Sequence Handling Local DoS
| [86061] Microsoft Windows Server 2008 R1 CSRSS ReadConsole / CloseHandle Local DoS
| [79442] Microsoft Windows Server 2008 DNS Server Service Cache Update Policy Deleted Domain Name Resolving Weakness
| [72670] Microsoft Windows Server 2003 ActiveDirectory BROWSER ELECTION Remote Overflow
| [68554] Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permission Weakness
| [62251] Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS
| [60329] Microsoft Windows 2000 NetBIOS Continuation Packet Remote DoS
| [59733] Microsoft Windows 2000 Terminal Services Screensaver Screen Minimization Locking Weakness
| [59731] Microsoft Windows 2000 DCOM Client Alter Context Request Remote Information Disclosure
| [59730] Microsoft Windows 2000 Terminal Services Disconnect Feature Local Privilege Escalation
| [59514] Microsoft Windows 2000 Task Manager Uppercase Process Name Termination Weakness
| [59509] Microsoft Windows 2000 Encrypted File System Cleartext Backup File Local Disclosure
| [59346] Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS
| [55836] Microsoft ISA Server 2006 Radius OTP Security Bypass
| [53663] Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption
| [50589] Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow
| [37629] Microsoft Windows 2000 RPC Authentication Unspecified Information Disclosure
| [37628] Microsoft Windows 2000 RPC Authentication Crafted Request Remote DoS
| [36034] Microsoft Office 2000 Controllo ActiveX (OUACTRL.OCX) HelpPopup Method Overflow
| [34489] Microsoft Office 2003 Malformed WMF File Handling DoS
| [34488] Microsoft Excel 2003 XLS Handling Corrupt Format DoS
| [31251] Microsoft Office 2003 Brazilian Portuguese Grammar Checker Arbitrary Code Execution
| [29529] Microsoft Windows 2000 creator.dll ActiveX COM Object Memory Corruption
| [29528] Microsoft Windows 2000 msdxm.ocx ActiveX COM Object Memory Corruption
| [29527] Microsoft Windows 2000 myinfo.dll ActiveX COM Object Memory Corruption
| [29526] Microsoft Windows 2000 ciodm.dll ActiveX COM Object Memory Corruption
| [28539] Microsoft Word 2000 Unspecified Code Execution
| [24121] Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
| [24081] Microsoft Outlook 2003 Unspecified Malformed Word Attachment DoS
| [23484] Microsoft SQLServer 2000 sp_addalias Procedure Privileged Alias Creation
| [23234] Microsoft SQLServer 2000 Unspecified Invalid Client Buffer DoS
| [23231] Microsoft SQL Server 2000 SQL Profiler Multiple Method DoS
| [23205] Microsoft SQLServer 2000 Crafted Sort Command User Mode Scheduler (UMS) Bypass DoS
| [23203] Microsoft SQL Server 2000 Database Name Transact-SQL Statement Privilege Escalation
| [23202] Microsoft SQLServer 2000 sysmembers Virtual Table Query Overflow
| [23201] Microsoft SQL Server 2000 Dynamic Transact-SQL Statement Disclosure
| [23200] Microsoft SQLServer 2000 Encrypted Stored Procedure Dynamic Query Disclosure
| [21907] Microsoft Office InfoPath 2003 Mshtml.dll Form Handling DoS
| [21598] Microsoft Windows 2000 NetBIOS Port Malformed TCP Packet Parsing Remote DoS
| [20256] Microsoft Windows 2000 NTFS Volume Macintosh Client Directory Permission Modification
| [20222] Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure
| [20221] Microsoft Windows 2000 runas.exe Named Pipe Single Thread DoS
| [20220] Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure
| [20002] Microsoft Windows 2000 CHKDSK Fix Mode File ACL Failure
| [20001] Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure
| [20000] Microsoft Windows 2000 Domain Administrator Computer Lock Bypass
| [19999] Microsoft Windows 2000 FQDN Domain Login Password Expiry Bypass
| [19998] Microsoft Windows 2000 UPN Credentialed Login Group Policy Failure
| [19997] Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue
| [19996] Microsoft Windows 2000 Event ID 1704 Group Policy Failure
| [19995] Microsoft Windows 2000 SECEDIT Long Folder ACL Set Issue
| [19994] Microsoft Windows 2000 audit directory service access 565 Event Logging Failure
| [19993] Microsoft Windows 2000 LDAPS CA Trust Issue
| [19264] Microsoft Exchange Server 2003 Crafted IMAP4 Folder Listing Request DoS
| [17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS
| [15343] Microsoft Windows Server 2003 Malformed HTTP Cookie Header CGI DoS
| [15341] Microsoft Windows Server 2003 SMB Redirector Processing DoS
| [15340] Microsoft Windows Server 2003 Terminal Service Client Print DoS
| [15338] Microsoft Windows Server 2003 Terminal Session Close DoS
| [15337] Microsoft Windows Server 2003 CreateProcessWithLogonW() Function Process Disclosure
| [15336] Microsoft Windows Server 2003 Shutdown.exe Shut Down Failure
| [15335] Microsoft Windows Server 2003 MIT Kerberos Realm Authentication Group Policy Failure
| [15334] Microsoft Windows Server 2003 Shared Folder Permission Weakness
| [15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
7187| [15332] Microsoft Windows Server 2003 Citrix Metaframe Encryption Policy Failure
7188| [15331] Microsoft Windows Server 2003 Home Folder Path Permission Inheritance Failure
7189| [14617] Microsoft Exchange Server 2003 Folder Handling DoS
7190| [14430] Microsoft Commerce Server 2000 Profile Service Affected API Overflow
7191| [13996] Microsoft Windows 2000 IKE Malformed Packet Saturation Remote DoS
7192| [13762] Microsoft 2000 Domain Controller Directory Service Restore Mode Blank Password
7193| [13761] Microsoft Exchange 2000 Malformed URL Request DoS
7194| [13475] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant
7195| [13474] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution
7196| [13441] Microsoft Windows 2000 Security Interface Change Password Option Account Enumeration
7197| [13437] Microsoft Windows 2000 Debug Register Local Privilege Escalation
7198| [13424] Microsoft Windows 2000 Current Password Change Policy Bypass
7199| [13423] Microsoft Windows 2000 Terminal Server SYSVOL Share Connection Saturation Restriction Bypass
7200| [13415] Microsoft Windows 2000 System Root Folder Search Path Permission Weakness
7201| [13410] Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution
7202| [11958] Microsoft Outlook 2003 Image Rendering Security Policy Bypass
7203| [11945] Microsoft Outlook 2002 IFRAME Tag Embedded URL
7204| [11944] Microsoft Outlook 2002 HREF Tag Embedded JavaScript Execution
7205| [11750] Microsoft Windows 2000 Message Queue Manager Queue Registration Request Overflow DoS
7206| [11712] Microsoft ISA Server 2000 H.323 Filter Overflow
7207| [10633] Microsoft Windows 2000 Protected Store Weak Encryption Default
7208| [9386] Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow
7209| [8243] Microsoft SMS Port 2702 DoS
7210| [7202] Microsoft PowerPoint 2000 File Loader Overflow
7211| [7179] Microsoft Windows 2000 Event Viewer Snap-in Overflow
7212| [6971] Microsoft ISA Server 2000 ICMP Rule Bypass During Startup
7213| [6970] Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure
7214| [6969] Microsoft ISA Server 2000 Invalid DNS Request DoS
7215| [6968] Microsoft ISA Server 2000 FTP Port Scan Bounce Weakness
7216| [6967] Microsoft ISA Server 2000 UDP Packet Winsock DoS
7217| [6965] Microsoft ISA Server 2000 SSL Packet DoS
7218| [6964] Microsoft ISA Server 2000 DNS Intrusion Detection Filter DoS
7219| [6515] Microsoft Windows 2000 Domain Expired Account Authentication
7220| [5179] Microsoft Windows 2000 microsoft-ds DoS
7221| [5171] Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script
7222| [4779] Microsoft Desktop Engine (MSDE) 2000 Stored Procedure SQL Injection
7223| [4778] Microsoft SQL Server 2000 Stored Procedure SQL Injection
7224| [4777] Microsoft Desktop Engine (MSDE) 2000 Database Consistency Checkers (DBCCs) Overflow
7225| [4776] Microsoft SQL Server 2000 Database Consistency Checkers (DBCCs) 2000 Overflow
7226| [4170] Microsoft Windows 2000 Server Media Services TCP Packet Handling Remote DoS
7227| [4168] Microsoft Outlook 2002 mailto URI Script Injection
7228| [3490] Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure
7229| [2705] Microsoft Windows 2000 Windows Troubleshooter ActiveX Overflow
7230| [2655] Microsoft Windows Server 2003 Shell Folders Arbitrary File Access
7231| [2540] Microsoft Windows 2003 Server Buffer Overflow Protection Mechanism Bypass
7232| [2244] Microsoft Windows 2000 ShellExecute() API Let
7233| [2237] Microsoft Windows 2000 Active Directory Lsass.exe Overflow
7234| [1949] Symantec Norton Anti-Virus for Microsoft Exchange 2000 INBOX Path Information Disclosure
7235| [1764] Microsoft Windows 2000 Domain Controller DoS
7236| [1758] Microsoft Windows 2000 Network DDE Escalated Privileges
7237| [1755] Microsoft Windows 2000 RDP Malformed Packet Handling Remote DoS
7238| [1672] Microsoft Windows 2000 Telnet Session Timeout DoS
7239| [1633] Microsoft Windows 2000 System Monitor ActiveX LogFileName Parameter Validation Overflow
7240| [1621] Microsoft Indexing Services for Windows 2000 .htw XSS
7241| [1591] Microsoft Windows 2000 OEMPreinstall Installation Permission Weakness
7242| [1578] Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation
7243| [1500] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow
7244| [1437] Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS
7245| [1399] Microsoft Windows 2000 Windows Station Access
7246| [1328] Microsoft Office 2000 UA Control ActiveX (Ouactrl.ocx) Show Me Function Remote Code Execution
7247| [1297] Microsoft Windows 2000 Active Directory Object Attribute
7248| [1292] Microsoft Windows NT 4.0 / 2000 cmd.exe Buffer Overflow
7249| [773] Microsoft Windows 2000 Group Policy File Lock DoS
7250| [515] Microsoft Windows 2000 LDAP Server Arbitrary User Password Modification
7251| [454] Microsoft Windows 2000 NTLM Domain Account Lockout Policy Bypass
7252| [403] Microsoft Windows 2000 Still Image Service WM_USER Message Local Overflow
7253| [398] Microsoft Windows 2000 Malformed RPC Traffic Local Security Policy Corruption DoS
7254| [307] Microsoft FrontPage 2000 Server Extensions shtml.exe Path Disclosure
7255| [69085] Microsoft Office 2010 RTF File Handling pFragments Buffer Overflow Arbitrary Code Execution
7256|_
7257Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
7258Device type: load balancer|specialized|general purpose
7259Running (JUST GUESSING): Citrix embedded (95%), AVtech embedded (87%), OpenBSD 4.X (86%)
7260OS CPE: cpe:/o:openbsd:openbsd:4.0
7261Aggressive OS guesses: Citrix NetScaler load balancer (95%), AVtech Room Alert 26W environmental monitor (87%), Citrix NetScaler VPX load balancer (86%), OpenBSD 4.0 (86%)
7262No exact OS matches for host (test conditions non-ideal).
7263Network Distance: 15 hops
7264TCP Sequence Prediction: Difficulty=258 (Good luck!)
7265IP ID Sequence Generation: Randomized
7266Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
7267
7268TRACEROUTE (using port 443/tcp)
7269HOP RTT ADDRESS
72701 431.20 ms 10.249.204.1
72712 431.32 ms 213.184.122.97
72723 431.27 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
72734 431.30 ms bzq-179-124-185.cust.bezeqint.net (212.179.124.185)
72745 431.36 ms bzq-219-189-14.cablep.bezeqint.net (62.219.189.14)
72756 431.40 ms bzq-219-189-14.cablep.bezeqint.net (62.219.189.14)
72767 431.43 ms bzq-161-218.pop.bezeqint.net (212.179.161.218)
72778 431.46 ms et-0-0-71.cr2-fra2.ip4.gtt.net (141.136.110.50)
72789 431.49 ms ix-ae-22-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.137)
727910 269.35 ms 5.23.0.42
728011 ... 14
728115 317.77 ms www.osym.gov.tr (213.14.221.20)
7282
7283NSE: Script Post-scanning.
7284Initiating NSE at 02:11
7285Completed NSE at 02:11, 0.00s elapsed
7286Initiating NSE at 02:11
7287Completed NSE at 02:11, 0.00s elapsed
7288######################################################################################################################################
7289Version: 1.11.13-static
7290OpenSSL 1.0.2-chacha (1.0.2g-dev)
7291
7292Connected to 213.14.221.20
7293
7294Testing SSL server www.osym.gov.tr on port 443 using SNI name www.osym.gov.tr
7295
7296 TLS Fallback SCSV:
7297Server supports TLS Fallback SCSV
7298
7299 TLS renegotiation:
7300Session renegotiation not supported
7301
7302 TLS Compression:
7303Compression disabled
7304
7305 Heartbleed:
7306TLS 1.2 not vulnerable to heartbleed
7307TLS 1.1 not vulnerable to heartbleed
7308TLS 1.0 not vulnerable to heartbleed
7309
7310 Supported Server Cipher(s):
7311Preferred TLSv1.2 256 bits AES256-SHA
7312Accepted TLSv1.2 128 bits AES128-SHA
7313Accepted TLSv1.2 256 bits AES256-SHA256
7314Accepted TLSv1.2 128 bits AES128-SHA256
7315Accepted TLSv1.2 256 bits AES256-GCM-SHA384
7316Accepted TLSv1.2 128 bits AES128-GCM-SHA256
7317Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
7318Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
7319Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-SHA384 Curve P-256 DHE 256
7320Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-SHA256 Curve P-256 DHE 256
7321Accepted TLSv1.2 256 bits ECDHE-RSA-AES256-GCM-SHA384 Curve P-256 DHE 256
7322Accepted TLSv1.2 128 bits ECDHE-RSA-AES128-GCM-SHA256 Curve P-256 DHE 256
7323Accepted TLSv1.2 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
7324Accepted TLSv1.2 112 bits DES-CBC3-SHA
7325Preferred TLSv1.1 256 bits AES256-SHA
7326Accepted TLSv1.1 128 bits AES128-SHA
7327Accepted TLSv1.1 256 bits ECDHE-RSA-AES256-SHA Curve P-256 DHE 256
7328Accepted TLSv1.1 128 bits ECDHE-RSA-AES128-SHA Curve P-256 DHE 256
7329Accepted TLSv1.1 112 bits ECDHE-RSA-DES-CBC3-SHA Curve P-256 DHE 256
7330Accepted TLSv1.1 112 bits DES-CBC3-SHA
7331
7332 SSL Certificate:
7333Signature Algorithm: sha256WithRSAEncryption
7334RSA Key Strength: 2048
7335
7336Subject: www.osym.gov.tr
7337Altnames: DNS:www.osym.gov.tr, DNS:gis.osym.gov.tr, DNS:sonuc.osym.gov.tr, DNS:odeme.osym.gov.tr, DNS:ais.osym.gov.tr, DNS:owa.osym.gov.tr, DNS:mail.osym.gov.tr, DNS:autodiscover.osym.gov.tr, DNS:osym.gov.tr
7338Issuer: GlobalSign Extended Validation CA - SHA256 - G3
7339
7340Not valid before: Jul 13 15:46:20 2018 GMT
7341Not valid after: Jul 13 15:46:20 2020 GMT
7342#####################################################################################################################################
7343------------------------------------------------------------------------------------------------------------------------
7344
7345[ ! ] Starting SCANNER INURLBR 2.1 at [11-11-2019 02:13:11]
7346[ ! ] legal disclaimer: Usage of INURLBR for attacking targets without prior mutual consent is illegal.
7347It is the end user's responsibility to obey all applicable local, state and federal laws.
7348Developers assume no liability and are not responsible for any misuse or damage caused by this program
7349
7350[ INFO ][ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.osym.gov.tr/output/inurlbr-www.osym.gov.tr ]
7351[ INFO ][ DORK ]::[ site:www.osym.gov.tr ]
7352[ INFO ][ SEARCHING ]:: {
7353[ INFO ][ ENGINE ]::[ GOOGLE - www.google.tk ]
7354
7355[ INFO ][ SEARCHING ]::
7356-[:::]
7357[ INFO ][ ENGINE ]::[ GOOGLE API ]
7358
7359[ INFO ][ SEARCHING ]::
7360-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
7361[ INFO ][ ENGINE ]::[ GOOGLE_GENERIC_RANDOM - www.google.ro ID: 002901626849897788481:cpnctza84gq ]
7362
7363[ INFO ][ SEARCHING ]::
7364-[:::]-[:::]-[:::]-[:::]-[:::]-[:::]
7365
7366[ INFO ][ TOTAL FOUND VALUES ]:: [ 5 ]
7367
7368
7369 _[ - ]::--------------------------------------------------------------------------------------------------------------
7370|_[ + ] [ 0 / 5 ]-[02:13:40] [ - ]
7371|_[ + ] Target:: [ https://www.osym.gov.tr/ ]
7372|_[ + ] Exploit::
7373|_[ + ] Information Server:: HTTP/1.1 200 OK, , IP:213.14.221.20:443
7374|_[ + ] More details:: / - / , ISP:
7375|_[ + ] Found:: UNIDENTIFIED
7376
7377 _[ - ]::--------------------------------------------------------------------------------------------------------------
7378|_[ + ] [ 1 / 5 ]-[02:13:45] [ - ]
7379|_[ + ] Target:: [ http://www.osym.gov.tr/nosor/kms/ ]
7380|_[ + ] Exploit::
7381|_[ + ] Information Server:: HTTP/1.1 200 OK, , IP:213.14.221.20:80
7382|_[ + ] More details:: / - / , ISP:
7383|_[ + ] Found:: UNIDENTIFIED
7384
7385 _[ - ]::--------------------------------------------------------------------------------------------------------------
7386|_[ + ] [ 2 / 5 ]-[02:13:51] [ - ]
7387|_[ + ] Target:: [ http://www.osym.gov.tr/belge/site-agaci ]
7388|_[ + ] Exploit::
7389|_[ + ] Information Server:: , , IP:213.14.221.20:80
7390|_[ + ] More details:: / - / , ISP:
7391|_[ + ] Found:: UNIDENTIFIED
7392
7393 _[ - ]::--------------------------------------------------------------------------------------------------------------
7394|_[ + ] [ 3 / 5 ]-[02:13:55] [ - ]
7395|_[ + ] Target:: [ https://www.osym.gov.tr/TR ]
7396|_[ + ] Exploit::
7397|_[ + ] Information Server:: HTTP/1.1 200 OK, , IP:213.14.221.20:443
7398|_[ + ] More details:: / - / , ISP:
7399|_[ + ] Found:: UNIDENTIFIED
7400
7401 _[ - ]::--------------------------------------------------------------------------------------------------------------
7402|_[ + ] [ 4 / 5 ]-[02:13:58] [ - ]
7403|_[ + ] Target:: [ http://www.osym.gov.tr/TR ]
7404|_[ + ] Exploit::
7405|_[ + ] Information Server:: HTTP/1.1 200 OK, , IP:213.14.221.20:80
7406|_[ + ] More details:: / - / , ISP:
7407|_[ + ] Found:: UNIDENTIFIED
7408
7409[ INFO ] [ Shutting down ]
7410[ INFO ] [ End of process INURLBR at [11-11-2019 02:13:58]
7411[ INFO ] [ TOTAL FILTERED VALUES ]:: [ 0 ]
7412[ INFO ] [ OUTPUT FILE ]:: [ /usr/share/sniper/loot/workspace/www.osym.gov.tr/output/inurlbr-www.osym.gov.tr ]
7413|_________________________________________________________________________________________
7414
7415\_________________________________________________________________________________________/
7416#######################################################################################################################################
7417Hosts
7418=====
7419
7420address mac name os_name os_flavor os_sp purpose info comments
7421------- --- ---- ------- --------- ----- ------- ---- --------
7422213.14.221.20 osym.gov.tr Unknown device
7423
7424Services
7425========
7426
7427host port proto name state info
7428---- ---- ----- ---- ----- ----
7429213.14.221.20 53 udp domain unknown
7430213.14.221.20 67 udp dhcps unknown
7431213.14.221.20 68 udp dhcpc unknown
7432213.14.221.20 69 udp tftp unknown
7433213.14.221.20 80 tcp http open
7434213.14.221.20 88 udp kerberos-sec unknown
7435213.14.221.20 123 udp ntp unknown
7436213.14.221.20 139 udp netbios-ssn unknown
7437213.14.221.20 161 udp snmp unknown
7438213.14.221.20 162 udp snmptrap unknown
7439213.14.221.20 389 udp ldap unknown
7440213.14.221.20 443 tcp https open
7441213.14.221.20 500 udp isakmp unknown
7442213.14.221.20 520 udp route unknown
7443213.14.221.20 2049 udp nfs unknown
#####################################################################################################################################
7444Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-11 01:50 EST
7445Nmap scan report for osym.gov.tr (213.14.221.20)
7446Host is up (0.16s latency).
7447rDNS record for 213.14.221.20: www.xn--sym-rna.gov.tr
7448Not shown: 996 filtered ports
7449PORT STATE SERVICE
745053/tcp closed domain
745180/tcp open http
7452443/tcp open https
74538080/tcp closed http-proxy
7454######################################################################################################################################
7455Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-11 01:47 EST
7456Nmap scan report for osym.gov.tr (213.14.221.20)
7457Host is up (0.37s latency).
7458Not shown: 993 filtered ports
7459PORT STATE SERVICE VERSION
746025/tcp closed smtp
746153/tcp closed domain
746280/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
7463|_http-title: \xC3\x96SYM \xE2\x80\xA2 T.C. \xC3\x96L\xC3\x87ME, SE\xC3\x87ME VE YERLE\xC5\x9ET\xC4\xB0RME MERKEZ\xC4\xB0
7464139/tcp closed netbios-ssn
7465443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
7466|_http-trane-info: Problem with XML parsing of /evox/about
7467445/tcp closed microsoft-ds
74688080/tcp closed http-proxy
7469Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
7470
7471######################################################################################################################################
7472Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-11 01:43 EST
7473Nmap scan report for www.osym.gov.tr (213.14.221.20)
7474Host is up (0.35s latency).
7475Not shown: 993 filtered ports
7476PORT STATE SERVICE VERSION
747725/tcp closed smtp
747853/tcp closed domain
747980/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
7480|_http-title: \xC3\x96SYM \xE2\x80\xA2 T.C. \xC3\x96L\xC3\x87ME, SE\xC3\x87ME VE YERLE\xC5\x9ET\xC4\xB0RME MERKEZ\xC4\xB0
7481139/tcp closed netbios-ssn
7482443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
7483| ssl-cert: Subject: commonName=www.osym.gov.tr/organizationName=Olcme, Secme ve Yerlestirme Merkezi Baskanligi/stateOrProvinceName=Ankara/countryName=TR
7484| Subject Alternative Name: DNS:www.osym.gov.tr, DNS:gis.osym.gov.tr, DNS:sonuc.osym.gov.tr, DNS:odeme.osym.gov.tr, DNS:ais.osym.gov.tr, DNS:owa.osym.gov.tr, DNS:mail.osym.gov.tr, DNS:autodiscover.osym.gov.tr, DNS:osym.gov.tr
7485| Not valid before: 2018-07-13T15:46:20
7486|_Not valid after: 2020-07-13T15:46:20
7487|_ssl-date: 2019-11-11T06:45:30+00:00; 0s from scanner time.
7488| tls-alpn:
7489|_ http/1.1
7490445/tcp closed microsoft-ds
74918080/tcp closed http-proxy
7492Device type: general purpose|load balancer
7493Running (JUST GUESSING): Linux 2.6.X (90%), Citrix embedded (88%)
7494OS CPE: cpe:/o:linux:linux_kernel:2.6
7495Aggressive OS guesses: Linux 2.6.18 - 2.6.22 (90%), Citrix NetScaler load balancer (88%)
7496No exact OS matches for host (test conditions non-ideal).
7497Network Distance: 14 hops
7498Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
7499
7500TRACEROUTE (using port 53/tcp)
7501HOP RTT ADDRESS
75021 427.47 ms 10.249.204.1
75032 427.55 ms 213.184.122.97
75043 427.54 ms bzq-82-80-246-9.cablep.bezeqint.net (82.80.246.9)
75054 427.60 ms bzq-219-189-185.dsl.bezeqint.net (62.219.189.185)
75065 427.69 ms bzq-179-124-249.cust.bezeqint.net (212.179.124.249)
75076 427.60 ms bzq-219-189-17.cablep.bezeqint.net (62.219.189.17)
75087 427.68 ms bzq-161-218.pop.bezeqint.net (212.179.161.218)
75098 427.73 ms ae8.cr1-fra2.ip4.gtt.net (46.33.89.237)
75109 427.76 ms ix-ae-22-0.tcore1.fr0-frankfurt.as6453.net (195.219.50.137)
751110 266.30 ms if-ae-0-2.tcore1.it5-istanbul.as6453.net (195.219.50.10)
751211 320.24 ms if-ae-0-2.tcore1.it5-istanbul.as6453.net (195.219.50.10)
751312 ... 13
751414 319.35 ms www.osym.gov.tr (213.14.221.20)
7515#####################################################################################################################################
7532Nmap scan report for osym.gov.tr (213.14.221.20)
7533Host is up (0.34s latency).
7534rDNS record for 213.14.221.20: www.xn--sym-rna.gov.tr
7535Not shown: 993 filtered ports
7536PORT STATE SERVICE
753725/tcp closed smtp
753853/tcp closed domain
753980/tcp open http
7540139/tcp closed netbios-ssn
7541443/tcp open https
7542445/tcp closed microsoft-ds
75438080/tcp closed http-proxy
7544
7545Host script results:
7546| dns-brute:
7547| DNS Brute-force hostnames:
7548| development.gov.tr - 212.154.115.51
7549| ipv6.gov.tr - 193.140.100.32
7550|_ mta.gov.tr - 31.145.51.12
7551######################################################################################################################################
7552Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-11 01:56 EST
7553Nmap scan report for www.xn--sym-rna.gov.tr (213.14.221.20)
7554Host is up (0.35s latency).
7555Not shown: 993 filtered ports
7556PORT STATE SERVICE VERSION
755725/tcp closed smtp
755853/tcp closed domain
755980/tcp open http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
7560| vulscan: VulDB - https://vuldb.com:
7561| [141625] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 DirectX memory corruption
7562| [141624] Microsoft Windows 7 SP1/Server 2008 R2 SP1 Graphics Component information disclosure
7563| [139966] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel information disclosure
7564| [139923] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Graphics Component information disclosure
7565| [139905] Microsoft Windows Server 2008 SP2 DHCP Server memory corruption
7566| [137573] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
7567| [137567] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
7568| [137566] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
7569| [137565] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
7570| [137564] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
7571| [136343] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
7572| [136342] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
7573| [136341] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
7574| [136316] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
7575| [136315] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
7576| [136313] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
7577| [136311] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
7578| [136309] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
7579| [136302] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
7580| [136298] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
7581| [136297] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
7582| [131683] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
7583| [131642] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Active Directory privilege escalation
7584| [127822] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 Kernel information disclosure
7585| [125103] Microsoft Windows Server 2008 SP2 Graphics Component information disclosure
7586| [123853] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel Memory information disclosure
7587| [122858] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 LNK memory corruption
7588| [122833] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI+ memory corruption
7589| [121109] Microsoft Wireless Display Adapter V2 2.0.8350/2.0.8365/2.0.8372 privilege escalation
7590| [120449] Microsoft Forefront Unified Access Gateway 2000 InitParams.aspx Parameter Server-Side Request Forgery
7591| [119469] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel privilege escalation
7592| [116015] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
7593| [114563] Microsoft Office 2007 SP3/2010 SP2/2013/2013 RT SP1 memory corruption
7594| [114528] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI privilege escalation
7595| [114524] Microsoft ASP.NET Core 2.0 denial of service
7596| [114523] Microsoft ASP.NET Core 2.0 Kestrel Web Application privilege escalation
7597| [113257] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
7598| [113256] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
7599| [113255] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
7600| [113247] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
7601| [113246] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
7602| [113245] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 EOT Font Engine information disclosure
7603| [113244] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
7604| [113235] Microsoft Outlook 2007 SP3/2010 SP2/2013 SP1/2016 privilege escalation
7605| [113234] Microsoft Office 2007 SP2/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7606| [113216] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7607| [112285] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
7608| [112284] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
7609| [112283] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
7610| [112282] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
7611| [111578] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
7612| [111577] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
7613| [111576] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
7614| [111575] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
7615| [111574] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
7616| [111573] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
7617| [111572] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
7618| [111570] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
7619| [111568] Microsoft Excel 2007/2010/2013/2016 memory corruption
7620| [111566] Microsoft Word 2007/2010/2013/2016 memory corruption
7621| [111565] Microsoft Word 2007/2010/2013 Email Message memory corruption
7622| [111563] Microsoft Outlook 2007/2010/2013/2016 Email Message privilege escalation
7623| [111347] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Color Management Icm32.dll information disclosure
7624| [109388] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 memory corruption
7625| [109387] Microsoft ASP.NET Core 2.0 privilege escalation
7626| [109386] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7627| [109385] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature Macro privilege escalation
7628| [109381] Microsoft Office/Word 2007 SP3/2010 SP2 memory corruption
7629| [107703] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7630| [106530] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7631| [106528] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7632| [106515] Microsoft Publisher 2007 SP3/2010 SP2 memory corruption
7633| [106497] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Uniscribe memory corruption
7634| [106476] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7635| [106475] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7636| [105051] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Font Library privilege escalation
7637| [105032] Microsoft Internet Explorer 9/10 on Server 2008/Server 2012 memory corruption
7638| [102513] Microsoft Windows Server 2003 SP2/XP SP3 OLE olecnv32.dll privilege escalation
7639| [102512] Microsoft Windows Server 2003 SP2/XP SP3 rpc privilege escalation
7640| [102511] Microsoft Windows Server 2003 SP2/XP SP3 RDP EsteemAudit privilege escalation
7641| [102447] Microsoft PowerPoint/SharePoint Server 2007 SP3 privilege escalation
7642| [102444] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
7643| [102442] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
7644| [102441] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7645| [102401] Microsoft Windows 7 SP1/Server 2008 R2 SP1 GDI USP10!NextCharInLiga Uniscribe Font information disclosure
7646| [101491] Microsoft Windows up to XP SP3/Server 2003 SP2 Remote Desktop Protocol gpkcsp.dll memory corruption
7647| [101017] Microsoft Office 2007 SP3/2010 SP2/2016 memory corruption
7648| [101012] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1/2016 memory corruption
7649| [101011] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 ActiveX Object Memory memory corruption
7650| [100854] Microsoft Windows Server 2003 SP2 RRAS ERRATICGOPHER memory corruption
7651| [99904] Microsoft Windows Server 2003 SP2/XP SP3 SmartCard Authentication RDP Packet EsteemAudit privilege escalation
7652| [99698] Microsoft OneNote 2007 SP3/2010 SP2 DLL Loader privilege escalation
7653| [99684] Microsoft Excel 2007 SP3/2010 SP2 Memory information disclosure
7654| [99654] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
7655| [99653] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
7656| [99533] Microsoft Office 2007/2010/2013/2016 RTF Document Necurs Dridex memory corruption
7657| [98561] Microsoft IIS 6.0 on Windows Server 2003 WebDAV ScStoragePathFromUrl Long Header memory corruption
7658| [98092] Microsoft SharePoint Server 2007 SP3 memory corruption
7659| [98088] Microsoft SharePoint Server 2007 SP3 memory corruption
7660| [98087] Microsoft Office 2007 SP3/2010 SP2 memory corruption
7661| [98086] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7662| [98085] Microsoft Excel 2007 SP3 memory corruption
7663| [98084] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
7664| [98083] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
7665| [98078] Microsoft Word/Excel 2007 SP3 memory corruption
7666| [98072] Microsoft Office 2007 SP3/2010 SP2/Word Viewer Graphics Component privilege escalation
7667| [98071] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
7668| [98070] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
7669| [94450] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
7670| [94449] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
7671| [94448] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
7672| [94445] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 information disclosure
7673| [94441] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
7674| [94440] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7675| [94439] Microsoft Office 2007 SP3/2011 privilege escalation
7676| [94438] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
7677| [93542] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
7678| [93541] Microsoft Office 2007 SP3 denial of service
7679| [93539] Microsoft Office 2007/2010 SP2/2011 memory corruption
7680| [93538] Microsoft Office 2007/2010 SP2/2011/2013 SP1 memory corruption
7681| [93537] Microsoft Office 2007/2010 SP2/2011 memory corruption
7682| [93396] Microsoft Office 2007/2010/2011 memory corruption
7683| [93395] Microsoft Office 2007/2010/2011 memory corruption
7684| [93394] Microsoft Office 2007/2010 memory corruption
7685| [92596] Microsoft Windows 7 SP1/Server 2008 R2/Server 2008 SP2/Vista SP2 Internet Messaging API File information disclosure
7686| [91554] Microsoft Exchange 2007/2010/2013/2016 Email information disclosure
7687| [91553] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
7688| [91552] Microsoft Office 2007/2010/2013/2013 RT/2016 spoofing
7689| [91551] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
7690| [91549] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
7691| [91548] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
7692| [91546] Microsoft Office 2007/2010/2013/2013 RT memory corruption
7693| [91545] Microsoft Office 2007/2010 memory corruption
7694| [91544] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
7695| [91542] Microsoft Office 2007/2010/2013/2013 RT/2016 information disclosure
7696| [90707] Microsoft OneNote 2007/2010/2013/2013 RT/2016 information disclosure
7697| [90706] Microsoft Office 2007/2010/2013/2013 RT Graphics memory corruption
7698| [90705] Microsoft Office 2007/2010/2011 memory corruption
7699| [90703] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
7700| [89039] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
7701| [89034] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
7702| [87960] Microsoft Windows Server 2008 R2/Server 2012/Server 2012 R2 Active Directory denial of service
7703| [87955] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
7704| [87954] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
7705| [87953] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
7706| [87939] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL memory corruption
7707| [87938] Microsoft Office 2007 SP3/2010 SP2/2011 information disclosure
7708| [87937] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
7709| [87935] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
7710| [87934] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
7711| [87933] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
7712| [87147] Microsoft Office 2007/2010 memory corruption
7713| [87145] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
7714| [87144] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
7715| [82228] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
7716| [82225] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
7717| [82224] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
7718| [81273] Microsoft Office 2007/2010/2013/2016 memory corruption
7719| [81272] Microsoft Office 2007/2010/2013 memory corruption
7720| [81265] Microsoft Windows Server 2008/Vista SP2 Library Loader memory corruption
7721| [80872] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7722| [80871] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7723| [80869] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
7724| [79506] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Library Loader memory corruption
7725| [79505] Microsoft Office 2007 memory corruption
7726| [79504] Microsoft Office 2007/2010/2013/2016 memory corruption
7727| [79503] Microsoft Office 2007/2010/2013 memory corruption
7728| [79502] Microsoft Office 2007/2010/2011 memory corruption
7729| [79501] Microsoft Office 2007/2010 memory corruption
7730| [79499] Microsoft Windows 7/Server 2008 R2 Uniscribe memory corruption
7731| [79493] Microsoft Windows Server 2008/Vista Graphics memory corruption
7732| [79190] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
7733| [79189] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
7734| [79187] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 Sandbox privilege escalation
7735| [79167] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Journal memory corruption
7736| [78372] Microsoft Visio 2007 SP3/2010 SP2 UML Data memory corruption
7737| [78371] Microsoft SharePoint Server 2007 SP3/2010 SP2 InfoPath Forms Services XXE information disclosure
7738| [77646] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 EPS Image memory corruption
7739| [77629] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
7740| [77627] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
7741| [77626] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
7742| [77617] Microsoft Office 2007 SP3/2010 SP2 OpenType Font memory corruption
7743| [77252] Microsoft Office 2007 SP3/2010 SP2 Office Graphics Library Font memory corruption
7744| [77038] Microsoft Windows Server 2008 SP2 UDDI Services cross site scripting
7745| [76497] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 SP1 Office Document memory corruption
7746| [76491] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
7747| [76467] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
7748| [76466] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
7749| [76464] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
7750| [76463] Microsoft Excel 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
7751| [76449] Microsoft Windows 8/8.1/Server 2008/Server 2012/Server 2012 R2 Hyper-V memory corruption
7752| [76440] Microsoft SQL Server 2008/2008 R2/2012/2014 Virtual Function Uninitialized Memory memory corruption
7753| [76439] Microsoft SQL Server 2008/2008 R2/2012/2014 Uninitialized Memory memory corruption
7754| [76438] Microsoft SQL Server 2008/2008 R2/2012/2014 Pointer Casting privilege escalation
7755| [75783] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services cross site scripting
7756| [75338] Microsoft SharePoint 2007/2010/2013 Content privilege escalation
7757| [75337] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
7758| [75336] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
7759| [74845] Microsoft Office 2007/2010/2013 Document Use-After-Free memory corruption
7760| [74844] Microsoft Office 2007/2010 Document Use-After-Free memory corruption
7761| [74837] Microsoft Office 2007/2010/2011/2013 RTF Document Use-After-Free privilege escalation
7762| [73979] Microsoft Exchange Server 2003 CU7/2003 SP1 Meeting privilege escalation
7763| [73978] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
7764| [73977] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
7765| [73976] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
7766| [73975] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
7767| [73964] Microsoft SharePoint 2007/2010/2013 cross site scripting
7768| [69158] Microsoft Office 2007/2010/2013 Use-After-Free memory corruption
7769| [69157] Microsoft Office 2007/2010/2013 OneTableDocumentStream memory corruption
7770| [68416] Microsoft Exchange 2007/2010/2013 Outlook Web Access Token spoofing
7771| [68409] Microsoft Office 2007/2010/2013 Use-After-Free memory corruption
7772| [68408] Microsoft Excel 2007/2010/2013 memory corruption
7773| [68407] Microsoft Excel 2007/2010 memory corruption
7774| [68405] Microsoft Word 2007/2010 Index Use-After-Free memory corruption
7775| [68195] Microsoft Windows 7/Server 2003/Server 2008/Vista Input Method Editor Sandbox privilege escalation
7776| [68189] Microsoft Windows Server 2003 SP2 TCP/IP Stack Stack-Based memory corruption
7777| [68188] Microsoft Word 2007 File memory corruption
7778| [68187] Microsoft Word 2007 File memory corruption
7779| [68186] Microsoft Word 2007 File memory corruption
7780| [67829] Microsoft Office 2007/2010/2011 Object memory corruption
7781| [67825] Microsoft .NET Framework 2.0/3.5/3.5.1 ASLR privilege escalation
7782| [71337] Microsoft Office 2000/2004/XP memory corruption
7783| [67355] Microsoft OneNote 2007 File Processing privilege escalation
7784| [67354] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 SQL Master Data Services cross site scripting
7785| [67353] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 T-SQL Query Stack-Based memory corruption
7786| [67018] Microsoft Windows Server 2008/Server 2012/Server 2012 R2 Service Bus AMQP Message denial of service
7787| [13545] Microsoft Word 2007 Embedded Font memory corruption
7788| [13397] Microsoft Windows 2000/Server 2003/XP DHCP Response DHCP ACK spoofing
7789| [13462] Microsoft Visual Studio 2002/2003/2005/2010 Debug Interface msdia.dll PDB File memory corruption
7790| [13229] Microsoft Office 2007/2010/2013 Common Control Library MSCOMCTL.OCX privilege escalation
7791| [13227] Microsoft Office 2007/2010/2013 Chinese Grammar Checker Library privilege escalation
7792| [13226] Microsoft SharePoint Server 2007/2010/2013 Page memory corruption
7793| [13225] Microsoft SharePoint Server 2007/2010/2013 cross site scripting
7794| [13224] Microsoft SharePoint Server 2007/2010/2013 Page memory corruption
7795| [12859] Microsoft Word 2003 Office Document Stack-Based memory corruption
7796| [12852] Microsoft Publisher 2003/2007 Publisher File pubconv.dll memory corruption
7797| [12845] Microsoft Word 2003 Office File Stack-Based memory corruption
7798| [12844] Microsoft Word 2007/2010 Office File memory corruption
7799| [12843] Microsoft Office 2007/2010/2011/2013 XML Parser Nested Entities Memory Consumption denial of service
7800| [12687] Microsoft Word/Office/Outlook 2003/2007/2010/2013 RTF Document memory corruption
7801| [12530] Microsoft Windows Server 2003/Server 2008/Server 2012/Vista/XP Security Account Manager Lockout privilege escalation
7802| [12266] Microsoft .NET Framework 2.0 SP2/3.5.1 ASLR Bypass privilege escalation
7803| [12070] Apple Pages 2.0/2.0.1/2.0.2/5.0/5.0.1 on Mac Microsoft Word Document memory corruption
7804| [11950] Microsoft Office Compability Pack/Word 2007 SP3 File memory corruption
7805| [11949] Microsoft Word Viewer/Office Compatibility Pack/Word 2003 SP3/2007 SP3 File memory corruption
7806| [11494] Microsoft .NET Framework 2.0 SP2/3.5.1/4/4.5/4.5.1 MAC Authentication privilege escalation
7807| [11448] Microsoft Office 2007/2010 Address Space Layout Randomization privilege escalation
7808| [11148] Microsoft Office 2003/2007 WordPerfect Document epsimp32.flt memory corruption
7809| [11146] Microsoft Office 2003/2007 epsimp32.flt memory corruption
7810| [11230] Microsoft Word 2003 DOC Document Embedded Image denial of service
7811| [11081] Microsoft Windows Server 2008/Vista TIFF Image memory corruption
7812| [10648] Microsoft Word 2007 Word File memory corruption
7813| [10647] Microsoft Word 2003 Word File memory corruption
7814| [10643] Microsoft SharePoint Server 2007/2010/2013 Input Sanitizer memory corruption
7815| [10642] Microsoft SharePoint Server 2007/2010 Content Display in Frames privilege escalation
7816| [10247] Microsoft SharePoint Server 2007/2010/2013 Online Cloud cross site scripting
7817| [10245] Microsoft Office 2003/2007/2010 Word File memory corruption
7818| [10244] Microsoft Office 2003 SP3 Word File memory corruption
7819| [10243] Microsoft Office 2003/2007 Word File memory corruption
7820| [10242] Microsoft Office 2007 Word File memory corruption
7821| [10241] Microsoft Office 2007 Word File memory corruption
7822| [10240] Microsoft Office 2003/2007/2010 Word File memory corruption
7823| [10239] Microsoft Office 2003/2007 Word File memory corruption
7824| [10238] Microsoft Excel 2003/2007 XML External Entity Data information disclosure
7825| [10237] Microsoft Excel 2003/2007/2010 XML External Entity Data information disclosure
7826| [10236] Microsoft Word/Office 2003/2007 XML External Entity Data information disclosure
7827| [10234] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
7828| [10232] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
7829| [10231] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
7830| [10230] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
7831| [10229] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
7832| [10228] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
7833| [10227] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
7834| [10192] Microsoft Windows 7/2000/Server 2003 SP2/Vista/XP SP3 Windows Theme File privilege escalation
7835| [10191] Microsoft Windows Server 2003/XP OLE Object privilege escalation
7836| [10190] Microsoft Windows 7/8/Server 2008/Vista Active Directory denial of service
7837| [10189] Microsoft Outlook 2007/2010 S/MIME privilege escalation
7838| [9941] Microsoft Windows Server 2003/XP Unicode Scripts Processor USP10.DLL Uniscribe Font memory corruption
7839| [9929] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services Unspecified Account information disclosure
7840| [9715] Microsoft PowerPoint 2007 DirectShow Runtime quartz.dll GetMaxSampleSize denial of service
7841| [9397] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Array privilege escalation
7842| [9394] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 on 64-bit Array memory corruption
7843| [9393] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Permission privilege escalation
7844| [8738] Microsoft Visio 2003 SP3/2007 SP3/2010 SP1 XML Parser File information disclosure
7845| [8737] Microsoft Word 2003 SP3 Shape Data Parser File memory corruption
7846| [8736] Microsoft Publisher 2003 SP3 PUB File memory corruption
7847| [8735] Microsoft Publisher 2003 SP3/2007 SP3/2010 SP1 PUB File memory corruption
7848| [8734] Microsoft Publisher 2003 SP3 PUB File memory corruption
7849| [8733] Microsoft Publisher 2003 SP3 PUB File memory corruption
7850| [8732] Microsoft Publisher 2003 SP3 PUB File memory corruption
7851| [8731] Microsoft Publisher 2003 SP3 PUB File memory corruption
7852| [8730] Microsoft Publisher 2003 SP3 PUB File memory corruption
7853| [8729] Microsoft Publisher 2003 SP3 PUB File memory corruption
7854| [8728] Microsoft Publisher 2003 SP3 PUB File memory corruption
7855| [8727] Microsoft Publisher 2003 SP3 PUB File memory corruption
7856| [8726] Microsoft Publisher 2003 PUB File Eingabe memory corruption
7857| [8723] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 XML File spoofing
7858| [7643] Microsoft Windows Server 2008 R2/Server 2012 NFS Server NULL Pointer Dereference denial of service
7859| [7642] Microsoft Exchange 2007/2010 Outlook Web Access vspdx.dll) privilege escalation
7860| [7641] Microsoft Windows Server 2003/Server 2008/Vista/XP DirectShow Quartz.dll memory corruption
7861| [8589] Microsoft System Center Operations Manager 2007 R2/2007 SP1 ViewTypeManager.aspx cross site scripting
7862| [7252] Microsoft System Center Operations Manager 2007 ExecuteTask.aspx cross site scripting
7863| [7251] Microsoft System Center Operations Manager 2007 cross site scripting
7864| [7248] Microsoft Windows 7/Server 2008 R2 Print Spooler privilege escalation
7865| [7121] Microsoft Exchange 2007/2010 RSS Feed denial of service
7866| [7118] Microsoft Windows Server 2008 R2/Server 2012 IP-HTTPS unknown vulnerability
7867| [62914] Microsoft Office 2003 SP3/2007 SP3/2008/2010 SP1/2011 Spreadsheet Use-After-Free memory corruption
7868| [7058] Microsoft Windows 7/Server 2008 R2 DHCPv6 Message denial of service
7869| [6935] Microsoft Office Excel 2003/2007/2010 Input Sanitizer File Stack-based memory corruption
7870| [6934] Microsoft Office Excel 2003/2007/2010 Input Sanitizer memory corruption
7871| [6933] Microsoft Office Excel 2003/2007/2010 SerAuxErrBar File memory corruption
7872| [6929] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Web Proxy Setting Auto-Discovery memory corruption
7873| [6927] Microsoft .NET Framework 2.0 SP2/3.5.1 Trusted Code Function information disclosure
7874| [6918] Microsoft Excel 2007 SP2 Input Sanitizer File memory corruption
7875| [6830] Microsoft Word 2007/2010 File memory corruption
7876| [6819] Microsoft Excel 2007 File memory corruption
7877| [6627] Microsoft Windows 7/Server 2008 R2 Kerberos denial of service
7878| [6626] Microsoft SharePoint/Lync/Infopath 2007/2010 HTML Sanitization cross site scripting
7879| [6621] Microsoft Word 2007 PAPX memory corruption
7880| [62239] Microsoft Systems Management Server 2003 Configuration Manager Reflected cross site scripting
7881| [5945] Microsoft Office 2007/2010 Computer Graphics Metafile memory corruption
7882| [5939] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Print Spooler Service memory corruption
7883| [5938] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Remote Administration Protocol netapi32.dll RAP Request denial of service
7884| [5933] Microsoft SQL Server 2000/2005/2008/2008 R2 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
7885| [5932] Microsoft Office 2003/2007/2010 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
7886| [5654] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP information disclosure
7887| [5653] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
7888| [5652] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
7889| [5650] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
7890| [5649] Microsoft Office 2003/2007/2010 libraries memory corruption
7891| [5645] Microsoft SharePoint 2007/2010/3.0 Reflected cross site scripting
7892| [5643] Microsoft SharePoint 2007/2010 information disclosure
7893| [5642] Microsoft SharePoint 2007 cross site request forgery
7894| [5553] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Font atmfd.dll denial of service
7895| [5524] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
7896| [5518] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 memory corruption
7897| [5362] Microsoft Office 2003/2007 GDI+ memory corruption
7898| [5291] Microsoft Visual Studio 2008 Incremental Linker link.exe ConvertRgImgSymToRgImgSymEx memory corruption
7899| [5268] Microsoft Office 2008 on Mac RTF Pfragment File memory corruption
7900| [5080] Microsoft SQL Server 2005/2008/2008R2 CREATE DATABASE sql injection
7901| [5050] Microsoft Office 2007 WPS Converter Heap-based memory corruption
7902| [5049] Microsoft SQL Server 2000/2005/2008 MSCOMCTL.OCX privilege escalation
7903| [5048] Microsoft Office 2003/2007/2010 MSCOMCTL.OCX privilege escalation
7904| [5046] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Windows Authenticode Signature Verification WinVerifyTrust Signature privilege escalation
7905| [4803] Microsoft Windows Server 2003/Server 2008 DNS Server Domain Resource Record Query Parser denial of service
7906| [4802] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Protocol denial of service
7907| [4798] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Service memory corruption
7908| [60205] Microsoft .NET Framework 2.0 SP2/3.5.1 Heap-based memory corruption
7909| [4642] Microsoft .NET Framework 2.0 SP2/3.5.1/4 XAML Browser Application memory corruption
7910| [60065] Microsoft Windows 2000 mod_sql unknown vulnerability
7911| [4535] Microsoft Windows Server 2003/XP Object Packager packager.exe privilege escalation
7912| [4534] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Line21 DirectShow Filter Quartz.dll/Qdvd.dll Media File memory corruption
7913| [4533] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Multimedia Library winmm.dll MIDI File memory corruption
7914| [4507] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 Forms Authentication privilege escalation
7915| [59666] Microsoft Publisher 2003/2007 "Publisher memory corruption
7916| [4482] Microsoft Word 2007/2010/2011 Document Parser memory corruption
7917| [4480] Microsoft Excel 2003 memory corruption
7918| [4478] Microsoft Windows Server 2003/XP OLE Objects Memory Management memory corruption
7919| [4477] Microsoft PowerPoint 2007 SP2/2008 OfficeArt Use-After-Free memory corruption
7920| [4474] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Active Directory Query memory corruption
7921| [4473] Microsoft PowerPoint 2007 SP2/2010 DLL-Loader memory corruption
7922| [4471] Microsoft Office 2003/2007 Publisher Out-of-Bounds memory corruption
7923| [4470] Microsoft Office 2003 SP3 memory corruption
7924| [4453] Microsoft Excel 2003 Record Parser memory corruption
7925| [4446] Microsoft Office 2007/2008 OfficeArt Record Parser memory corruption
7926| [4445] Microsoft Office 2007/2010/2011 Word Document Parser memory corruption
7927| [4438] Microsoft Windows 7/Server 2008/Vista TCP/IP Reference Counter denial of service
7928| [5358] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP TrueType Font Handling memory corruption
7929| [59005] Microsoft Host Integration Server 2004 denial of service
7930| [58492] Microsoft SharePoint Server 2007 Spreadsheet memory corruption
7931| [58491] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
7932| [58490] Microsoft Office Compatibility Pack 2007 Spreadsheet memory corruption
7933| [58489] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
7934| [58488] Microsoft Office 2007/2010 memory corruption
7935| [4412] Microsoft Office 2003/2007 Library Loader unknown vulnerability
7936| [4411] Microsoft Excel 2003 memory corruption
7937| [4409] Microsoft Windows Server 2003/Server 2008 WINS unknown vulnerability
7938| [58240] Microsoft Visio 2003/2007 memory corruption
7939| [58237] Microsoft Visio 2003/2007/2010 memory corruption
7940| [4396] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
7941| [4393] Microsoft Windows Server 2008 DNS Service memory corruption
7942| [4391] Microsoft .NET Framework 2.0 SP2/3.5.1/4 Socket Restriction privilege escalation
7943| [4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
7944| [4388] Microsoft Windows 7/Server 2008/Vista File Metadata Parser denial of service
7945| [57691] Microsoft SQL Server 2008 Web Service information disclosure
7946| [57690] Microsoft Excel 2002/2003 Spreadsheet memory corruption
7947| [57689] Microsoft Excel 2002 Spreadsheet memory corruption
7948| [57688] Microsoft Excel 2002 Spreadsheet memory corruption
7949| [57687] Microsoft Excel 2002/2003/2007 Spreadsheet memory corruption
7950| [57686] Microsoft Excel 2002 Spreadsheet memory corruption
7951| [57685] Microsoft Excel 2002/2003/2007 Array Access memory corruption
7952| [57684] Microsoft Excel 2002/2003/2007/2010 Spreadsheet memory corruption
7953| [4369] Microsoft Excel 2002/2003/2007 memory corruption
7954| [4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
7955| [4362] Microsoft Windows 7/Server 2008/Vista denial of service
7956| [57420] Microsoft PowerPoint 2002/2003 memory corruption
7957| [4349] Microsoft Office 2004/2007/2008 Presentation File Parser memory corruption
7958| [4348] Microsoft PowerPoint 2002/2003/2007 memory corruption
7959| [57077] Microsoft Excel 2002 Uninitialized Memory memory corruption
7960| [57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability
7961| [57079] Microsoft PowerPoint 2002/2003/2007/2010 memory corruption
7962| [57076] Microsoft Excel 2002/2003 memory corruption
7963| [57075] Microsoft Excel 2002/2003 memory corruption
7964| [57074] Microsoft Excel 2002 memory corruption
7965| [57073] Microsoft Excel 2002/2003/2007/2010 memory corruption
7966| [4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler memory corruption
7967| [4332] Microsoft PowerPoint 2007/2010 memory corruption
7968| [4301] Microsoft Windows Server 2003 SMB Browser Heap-based denial of service
7969| [56475] Microsoft Office 2004/2008 memory corruption
7970| [56414] Microsoft Visio 2002/2003/2007 ELEMENTS.DLL memory corruption
7971| [56413] Microsoft Visio 2002/2003/2007 Exception ORMELEMS.DLL memory corruption
7972| [4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
7973| [4297] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Compact Font Format Driver privilege escalation
7974| [4296] Microsoft Windows Server 2003/XP LSASS Authentication Request unknown vulnerability
7975| [4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
7976| [4294] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys unknown vulnerability
7977| [4293] Microsoft Windows Server 2003/XP Kerberos CRC32 Checksum privilege escalation
7978| [4292] Microsoft Windows Server 2003/XP CSRSS Logoff privilege escalation
7979| [4289] Microsoft Excel 2007 Shape Data Parser memory corruption
7980| [4286] Microsoft PowerPoint 2002 SP3/2003 SP3/2004/2007 SP2/2008 OfficeArt Container Parser memory corruption
7981| [4279] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP MHTML cross site scripting
7982| [56176] Microsoft Windows 7/Server 2003/XP fxscover.exe CDrawPoly::Serialize memory corruption
7983| [55772] Microsoft Publisher 2002 pubconv.dll memory corruption
7984| [55771] Microsoft Publisher 2002/2003/2010 memory corruption
7985| [55765] Microsoft Office 2003/Xp Integer memory corruption
7986| [55764] Microsoft Office 2003/Xp memory corruption
7987| [55750] Microsoft Publisher 2002/2003 pubconv.dll memory corruption
7988| [55749] Microsoft Publisher 2002/2003/2007/2010 pubconv.dll memory corruption
7989| [55748] Microsoft Publisher 2002/2003/2007 pubconv.dll memory corruption
7990| [4230] Microsoft Exchange 2007 on 64-bit RPC store.exe MAPI Request denial of service
7991| [4229] Microsoft SharePoint 2007 Document Conversion Launcher Service Eingabeungültigkeit
7992| [4228] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
7993| [4224] Microsoft Windows 7/Server 2008/Vista Consent User Interface privilege escalation
7994| [4231] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys GreEnableEUDC denial of service
7995| [55420] Microsoft Office 2007/2010 memory corruption
7996| [55419] Microsoft Office 2004/2008/2011/Xp memory corruption
7997| [55412] Microsoft PowerPoint Viewer 2007 memory corruption
7998| [55411] Microsoft PowerPoint 2002/2003 memory corruption
7999| [4204] Microsoft Windows Server 2008 Color Control Panel Eingabeungültigkeit
8000| [54995] Microsoft Office 2004/2008 memory corruption
8001| [54994] Microsoft Office 2004/2008 Out-of-Bounds memory corruption
8002| [54993] Microsoft Office Compatibility Pack 2007 memory corruption
8003| [54992] Microsoft Excel 2002 memory corruption
8004| [54991] Microsoft Office 2004 Future memory corruption
8005| [54990] Microsoft Office 2004 memory corruption
8006| [54989] Microsoft Office 2004/2008 memory corruption
8007| [54988] Microsoft Excel 2002 memory corruption
8008| [54987] Microsoft Excel 2002 memory corruption
8009| [54986] Microsoft Excel 2002/2003 memory corruption
8010| [54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 memory corruption
8011| [54984] Microsoft Office 2004/2008 memory corruption
8012| [54983] Microsoft Excel 2002 Integer memory corruption
8013| [54980] Microsoft Word 2002/2003 memory corruption
8014| [54979] Microsoft Word 2002 memory corruption
8015| [54978] Microsoft Word 2002 memory corruption
8016| [54977] Microsoft Word 2002 Heap-based memory corruption
8017| [54976] Microsoft Word 2002 memory corruption
8018| [54975] Microsoft Word 2002 memory corruption
8019| [54974] Microsoft Word 2002 memory corruption
8020| [54973] Microsoft Word 2002 memory corruption
8021| [54972] Microsoft Word 2002 memory corruption
8022| [54971] Microsoft Word 2002 memory corruption
8023| [4197] Microsoft SharePoint 2007/3.0 cross site scripting
8024| [4196] Microsoft Word 2002/2003/2007/2010 Stack-based memory corruption
8025| [4194] Microsoft Windows 7/Server 2008/Vista SChannel Client Certificate Request denial of service
8026| [54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service
8027| [54757] Microsoft SharePoint Server 2007 HTML Sanitization SafeHTML cross site scripting
8028| [4186] Microsoft Outlook 2002/2003/2007 Content Parser Heap-based memory corruption
8029| [54584] Microsoft Visual C++ 2005 AtlTraceTool8.exe unknown vulnerability
8030| [54554] Microsoft Groove 2007 mso.dll memory corruption
8031| [4187] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack Ipv4SetEchoRequestCreate denial of service
8032| [54322] Microsoft Word 2002/2003 memory corruption
8033| [54321] Microsoft Office Compatibility Pack 2007 memory corruption
8034| [54320] Microsoft Office Compatibility Pack 2007 memory corruption
8035| [54319] Microsoft Office Compatibility Pack 2007 memory corruption
8036| [54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces memory corruption
8037| [4165] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
8038| [4162] Microsoft Windows 7/Server 2008/Vista Kernel memory corruption
8039| [4159] Microsoft Excel 2002/2003 SXDB PivotTable Cache Data Record memory corruption
8040| [4149] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Shell Shortcut Parser memory corruption
8041| [54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll memory corruption
8042| [4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD memory corruption
8043| [4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll memory corruption
8044| [54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
8045| [4151] Microsoft Windows Server 2008/Vista NtUserCheckAccessForIntegrityLevel memory corruption
8046| [53591] Microsoft Windows Server 2003 GetServerName cross site scripting
8047| [53505] Microsoft Excel 2002/2007 memory corruption
8048| [53501] Microsoft Excel 2002 memory corruption
8049| [53500] Microsoft Excel 2002 memory corruption
8050| [53499] Microsoft Excel 2002 memory corruption
8051| [53495] Microsoft Excel 2002/2003/2007 memory corruption
8052| [53494] Microsoft Excel 2002 Stack-based memory corruption
8053| [53504] Microsoft Excel 2002 memory corruption
8054| [53503] Microsoft Excel 2002 Stack-Based memory corruption
8055| [53502] Microsoft Excel 2002 Heap-based memory corruption
8056| [53498] Microsoft Excel 2002 Stack-based memory corruption
8057| [53497] Microsoft Excel 2002 memory corruption
8058| [53496] Microsoft Excel 2002 memory corruption
8059| [53493] Microsoft Excel 2002/2003/2007 memory corruption
8060| [4133] Microsoft Office 2003/2007/Xp COM Object Instantiator memory corruption
8061| [53366] Microsoft ASP.NET 2.0 cross site scripting
8062| [53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
8063| [53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL memory corruption
8064| [53054] Microsoft VISIO 2002/2003/2007 VISIODWG.DLL memory corruption
8065| [4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
8066| [52777] Microsoft Publisher 2002/2003/2007 memory corruption
8067| [52773] Microsoft Visio 2002/2003/2007 memory corruption
8068| [52772] Microsoft Visio 2002/2003/2007 memory corruption
8069| [4107] Microsoft Windows 7/Server 2008 Kernel denial of service
8070| [4103] Microsoft Windows Server 2003 Media Services Stack-based memory corruption
8071| [52543] Microsoft Virtual PC 2007 unknown vulnerability
8072| [52148] Microsoft Office 2004/2007/2008 Uninitialized Memory memory corruption
8073| [52147] Microsoft Office 2004/2007/2008 Spreadsheet Uninitialized Memory memory corruption
8074| [52146] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
8075| [52145] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
8076| [52144] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
8077| [52143] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
8078| [4090] Microsoft Excel 2002/2003/2007 memory corruption
8079| [52036] Microsoft Windows 2000 MsgBox memory corruption
8080| [51995] Microsoft SharePoint Server up to 2006 cross site scripting
8081| [51810] Microsoft Office 2004/Xp MSO.DLL memory corruption
8082| [51802] Microsoft PowerPoint 2003 Stack-based memory corruption
8083| [51801] Microsoft PowerPoint 2003 Stack-based memory corruption
8084| [51800] Microsoft PowerPoint 2002/2003 Use-After-Free memory corruption
8085| [51799] Microsoft PowerPoint 2002/2003 memory corruption
8086| [51798] Microsoft PowerPoint 2002/2003 Heap-based memory corruption
8087| [4082] Microsoft PowerPoint 2002 SP3 memory corruption
8088| [54550] Microsoft PowerPoint 2007 rpawinet.dll memory corruption
8089| [54556] Microsoft Visio 2003 mfc71enu.dll unknown vulnerability
8090| [51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
8091| [51133] Microsoft Windows 2000 SP4/Server 2003 SP2/SP3/XP SP2 memory corruption
8092| [51074] Microsoft Office 2002/2003 Integer memory corruption
8093| [4069] Microsoft Project 2003/2007 Project Memory Validator memory corruption
8094| [50794] Microsoft Office 2004/2008 Spreadsheet memory corruption
8095| [50793] Microsoft Office 2004/2008 Spreadsheet memory corruption
8096| [50792] Microsoft Office 2004/2008 Spreadsheet memory corruption
8097| [50791] Microsoft Office 2004/2008 Spreadsheet memory corruption
8098| [50790] Microsoft Office 2004/2008 Spreadsheet Heap-based memory corruption
8099| [50788] Microsoft Office 2004/2008 Spreadsheet memory corruption
8100| [50787] Microsoft Office 2004/2008 Spreadsheet memory corruption
8101| [50786] Microsoft Windows 2000 llssrv.exe memory corruption
8102| [50789] Microsoft Office 2004/2008 Spreadsheet memory corruption
8103| [4056] Microsoft Word 2002/2003 File Information Block Parser Stack-based memory corruption
8104| [50660] Microsoft SharePoint Server 2007 unknown vulnerability
8105| [50443] Microsoft PowerPoint 2007 Integer memory corruption
8106| [50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 memory corruption
8107| [49866] Microsoft Windows Server 2003 memory corruption
8108| [4031] Microsoft Windows Server 2008/Vista SMB Processor EducatedScholar memory corruption
8109| [4030] Microsoft Windows Server 2008/Vista Wireless LAN AutoConfig Service Heap-based memory corruption
8110| [4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
8111| [49745] Microsoft Windows Server 2003 denial of service
8112| [49395] Microsoft Office 2000/2003/XP Office Web Components Heap-based memory corruption
8113| [49394] Microsoft Windows Server 2003 memory corruption
8114| [49389] Microsoft Office 2000/2003/XP Office Web Components memory corruption
8115| [49390] Microsoft Office 2000/2003/XP Office Web Components memory corruption
8116| [49198] Microsoft Visual Studio 2005 information disclosure
8117| [49047] Microsoft Virtual Server 2005 privilege escalation
8118| [49046] Microsoft Windows Server 2003 quartz.dll memory corruption
8119| [49045] Microsoft Windows Server 2003 quartz.dll memory corruption
8120| [49044] Microsoft ISA Server 2006 privilege escalation
8121| [3999] Microsoft Office 2007 Pointer memory corruption
8122| [4000] Microsoft Office 2003/Sp3/Xp Web Components memory corruption
8123| [48894] Microsoft Windows Server 2003 msvidctl.dll memory corruption
8124| [48572] Microsoft PowerPoint 2002 FL21WIN.DLL memory corruption
8125| [48517] Microsoft Windows 2000 Memory Leak memory corruption
8126| [48516] Microsoft Windows Server 2008 unknown vulnerability
8127| [48512] Microsoft Windows Server 2008 unknown vulnerability
8128| [48515] Microsoft Office Word Viewer 2003 memory corruption
8129| [48514] Microsoft Office Word Viewer 2003 Stack-based memory corruption
8130| [48554] Microsoft Excel 2000/2003/2007 memory corruption
8131| [48157] Microsoft PowerPoint 2002 Sound memory corruption
8132| [48156] Microsoft PowerPoint 2000 Stack-based memory corruption
8133| [48154] Microsoft PowerPoint 2002 Sound PP7X32.DLL memory corruption
8134| [48152] Microsoft PowerPoint 2002 PP4X32.DLL memory corruption
8135| [48150] Microsoft PowerPoint 2002 Sound memory corruption
8136| [48147] Microsoft PowerPoint 2002 Sound memory corruption
8137| [48146] Microsoft PowerPoint 2002 Integer memory corruption
8138| [48155] Microsoft PowerPoint 2002 Notes Container Heap-based memory corruption
8139| [48153] Microsoft PowerPoint 2002 Sound memory corruption
8140| [48151] Microsoft PowerPoint 2002 Stack-based memory corruption
8141| [48149] Microsoft PowerPoint 2002 memory corruption
8142| [48148] Microsoft PowerPoint 2002 Sound memory corruption
8143| [3974] Microsoft PowerPoint 2000/2002/2003 Sound Data Stack-based memory corruption
8144| [3973] Microsoft PowerPoint 2000/2002/2003 Notes Container Stack-based memory corruption
8145| [3972] Microsoft PowerPoint 2000/2002/2003 BuildList memory corruption
8146| [3971] Microsoft PowerPoint 2000/2002/2003 Object Stack-based memory corruption
8147| [3970] Microsoft PowerPoint 2000/2002/2003 Paragraph Stack-based memory corruption
8148| [3969] Microsoft PowerPoint 2000/2002/2003 Atom Stack-based memory corruption
8149| [47719] Microsoft Windows 2000 Stack-based memory corruption
8150| [47720] Microsoft Internet Security And Acceleration Server 2006 Forms Authentication cookieauth.dll cross site scripting
8151| [47716] Microsoft Office Converter Pack 2003 WPFT632.CNV memory corruption
8152| [47715] Microsoft Windows 2000 Wordpad memory corruption
8153| [47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet memory corruption
8154| [3960] Microsoft Windows 2000/Server 2003/XP DirectShow MJPEG memory corruption
8155| [3952] Microsoft ISA Server 2004/2006 denial of service
8156| [3946] Microsoft PowerPoint 2000/2002/2003/2004 memory corruption
8157| [47091] Microsoft Windows Server 2008 unknown vulnerability
8158| [47090] Microsoft Windows Server 2008 unknown vulnerability
8159| [3939] Microsoft Windows 2000 DNS spoofing
8160| [3938] Microsoft Windows 2000 SSL weak authentication
8161| [3937] Microsoft Windows 2000 memory corruption
8162| [3932] Microsoft Excel 2000/2002/2003/2004/2007 Object Reference memory corruption
8163| [46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe denial of service
8164| [46455] Microsoft Exchange Server 2007 denial of service
8165| [46454] Microsoft Exchange Server 2007 memory corruption
8166| [46453] Microsoft Visio 2002/2003/2007 memory corruption
8167| [46452] Microsoft Visio 2002/2003/2007 memory corruption
8168| [46451] Microsoft Visio 2002/2003/2007 memory corruption
8169| [46327] Microsoft Word 2007 information disclosure
8170| [45758] Microsoft Money 2006 ActiveX Control prtstb06.dll denial of service
8171| [45381] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
8172| [45380] Microsoft Windows Server 2008/Vista SP1 Search memory corruption
8173| [45379] Microsoft Office SharePoint Server 2007 denial of service
8174| [3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
8175| [3892] Microsoft Excel 2000/2002/2003 Formula memory corruption
8176| [3891] Microsoft Excel 2000/2002/2003 memory corruption
8177| [3890] Microsoft Excel 2000/2002/2003 NAME Index memory corruption
8178| [3889] Microsoft Word 2000/2002/2003/2007 Table Property Stack-based memory corruption
8179| [3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet memory corruption
8180| [3887] Microsoft Word 2000/2002/2003/2007 memory corruption
8181| [3886] Microsoft Word 2000/2002/2003/2007 ControlWord Heap-based memory corruption
8182| [3885] Microsoft Word 2000/2002/2003/2007 memory corruption
8183| [3884] Microsoft Word 2000/2002/2003/2007 memory corruption
8184| [3883] Microsoft Word 2000/2002/2003/2007 RTF Heap-based memory corruption
8185| [3882] Microsoft Word 2000/2002/2003/2007 LFO memory corruption
8186| [3880] Microsoft Visual Basic up to 2003 ActiveX Control Mschrt20.ocx memory corruption
8187| [3879] Microsoft Visual Basic up to 2003 ActiveX Control mscomct2.ocx memory corruption
8188| [3878] Microsoft Visual Basic up to 2003 ActiveX Control mshflxgd.ocx memory corruption
8189| [3877] Microsoft Visual Basic up to 2003 ActiveX Control msflxgrd.ocx memory corruption
8190| [3876] Microsoft Visual Basic up to 2003 ActiveX Control msdatgrd.ocx memory corruption
8191| [45197] Microsoft Windows 2000 nskey.dll memory corruption
8192| [45063] Microsoft Windows Server 2003 Active Directory unknown vulnerability
8193| [45040] Microsoft .NET Framework 2.0.50727 Code Access Security unknown vulnerability
8194| [44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption
8195| [44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
8196| [44589] Microsoft Exchange Server 2003 Outlook Web Access unknown vulnerability
8197| [3845] Microsoft Windows 2000 SP4 Active Directory memory corruption
8198| [44533] Microsoft Windows 2000 mqsvc.exe memory corruption
8199| [3844] Microsoft Excel 2003 REPT memory corruption
8200| [3843] Microsoft Excel up to 2007 BIFF File Heap-based memory corruption
8201| [3842] Microsoft Excel 2003 VBA Performance Cache Stack-based memory corruption
8202| [44405] Microsoft Digital Image 2006 ActiveX Control PipPPush.DLL unknown vulnerability
8203| [44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption
8204| [43981] Microsoft Organization Chart 2.00 orgchart.exe memory corruption
8205| [43957] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
8206| [43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
8207| [43955] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
8208| [43952] Microsoft Office 2003/2007/Xp URI memory corruption
8209| [43676] Microsoft Windows 2000/Server 2003/Vista/XP memory corruption
8210| [43675] Microsoft Windows 2000/Server 2003/Vista/XP of memory corruption
8211| [43662] Microsoft PowerPoint Viewer 2000 SP3/2002 SP3/2003 SP2/2007 SP1 memory corruption
8212| [43661] Microsoft PowerPoint Viewer 2003 memory corruption
8213| [43660] Microsoft PowerPoint Viewer 2003 Integer memory corruption
8214| [43657] Microsoft Office 2000/2003/Xp memory corruption
8215| [43654] Microsoft SharePoint Server 2007 memory corruption
8216| [43653] Microsoft Office 2000/2002/2004/2008 memory corruption
8217| [43652] Microsoft Office 2000/2002/2003/2004/2008 memory corruption
8218| [3797] Microsoft Windows Server 2008/Vista IPsec Policy Designfehler
8219| [3796] Microsoft Office 2000 WPG memory corruption
8220| [3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT memory corruption
8221| [3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel memory corruption
8222| [3793] Microsoft Office 2000/2003/Xp PICT memory corruption
8223| [3792] Microsoft Office 2000 EPS File memory corruption
8224| [3783] Microsoft Word 2002 memory corruption
8225| [43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
8226| [43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS Cache privilege escalation
8227| [3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
8228| [3777] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
8229| [43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx memory corruption
8230| [43096] Microsoft Publisher 2003/2007 Crypto API unknown vulnerability
8231| [42816] Microsoft Word 2000/2003 memory corruption
8232| [42732] Microsoft Windows Server 2003/Vista/XP denial of service
8233| [42731] Microsoft Windows Server 2003 denial of service
8234| [3732] Microsoft Windows 2000/Server 2003 WINS memory corruption
8235| [3701] Microsoft Word 2003 CSS Heap-based memory corruption
8236| [3700] Microsoft Word 2003 RTF Document Heap-based memory corruption
8237| [42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting
8238| [41881] Microsoft Office 2003/2007/2007 Sp1/Xp memory corruption
8239| [41880] Microsoft Project 2000/2002/2003 memory corruption
8240| [41879] Microsoft Windows 2000/Server 2003/Vista Stack-based memory corruption
8241| [41878] Microsoft Windows 2000/Server 2003/Vista spoofing
8242| [41877] Microsoft Windows Server 2003 vbscript.dll memory corruption
8243| [3671] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 memory corruption
8244| [3670] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 Object memory corruption
8245| [41455] Microsoft Office 2000/2003/2004/Xp memory corruption
8246| [41454] Microsoft Excel 2000/2002/2003/2007 memory corruption
8247| [41453] Microsoft Excel 2000/2002/2003 memory corruption
8248| [41452] Microsoft Excel 2000/2002/2003/2007 memory corruption
8249| [41451] Microsoft Excel 2000/2002/2003 memory corruption
8250| [41450] Microsoft Excel 2000 memory corruption
8251| [41449] Microsoft Excel 2000/2002/2003 memory corruption
8252| [41448] Microsoft Office 2000/Xp Office Web Components memory corruption
8253| [3648] Microsoft Excel 2003 memory corruption
8254| [3647] Microsoft Outlook up to 2007 mailto URI memory corruption
8255| [41003] Microsoft Office 2000/2003/2004/Xp memory corruption
8256| [41002] Microsoft Office 2000/2003/Xp memory corruption
8257| [41001] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
8258| [41000] Microsoft Works 2005/8.0 memory corruption
8259| [40998] Microsoft Publisher 2000/2002/2003 memory corruption
8260| [40994] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
8261| [40987] Microsoft Windows 2000 denial of service
8262| [40736] Microsoft ActiveX 2.0 ActiveX Control privilege escalation
8263| [3552] Microsoft Excel 2000/2002/2003 File memory corruption
8264| [40242] Microsoft Publisher 2000/2002/2003/2007 Crash denial of service
8265| [40020] Microsoft Office 2007 ZIP Container unknown vulnerability
8266| [39769] Microsoft Windows 2000 cryptgenrandom weak encryption
8267| [39749] Microsoft Windows 2000 msjet40.dll memory corruption
8268| [39655] Microsoft Windows Server 2003 spoofing
8269| [39324] Microsoft Windows Mobile 2005 SMS unknown vulnerability
8270| [3373] Microsoft Word 2000/2002 memory corruption
8271| [38999] Microsoft Windows Server 2003 explorer.exe denial of service
8272| [38899] Microsoft ISA Server 2004 information disclosure
8273| [38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption
8274| [38326] Microsoft Windows 2000 attemptwrite memory corruption
8275| [3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
8276| [3223] Microsoft Windows Server 2003/XP URI privilege escalation
8277| [3212] Microsoft DirectX February 2006 RLE Compression Targa Files Heap-based memory corruption
8278| [37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption
8279| [37738] Microsoft Office 2002/2003 memory corruption
8280| [3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
8281| [3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
8282| [3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
8283| [3172] Microsoft Office Publisher 2007 Pointer memory corruption
8284| [37566] Microsoft Excel 2003 unknown vulnerability
8285| [37526] Microsoft Windows 2000/Server 2003 denial of service
8286| [37248] Microsoft Visio 2002 Packaging memory corruption
8287| [37251] Microsoft Windows 2000 memory corruption
8288| [3119] Microsoft Visio 2002 Object memory corruption
8289| [3118] Microsoft Visio 2002 Data memory corruption
8290| [37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
8291| [37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption
8292| [36628] Microsoft Word 2000/2002/2003/2004 winword.exe memory corruption
8293| [36616] Microsoft Works 2004/2005/2006 memory corruption
8294| [36621] Microsoft Exchange Server 2000 Integer denial of service
8295| [36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
8296| [36619] Microsoft Exchange Server 2000/2003/2007 MIME Email memory corruption
8297| [36618] Microsoft Exchange Server 2000 NULL Pointer Dereference denial of service
8298| [36617] Microsoft Excel 2000/2002/2003/2004 memory corruption
8299| [36623] Microsoft BizTalk Server 2004 ActiveX Control capicom.dll memory corruption
8300| [3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object memory corruption
8301| [3065] Microsoft Excel 2000/2002/2003/2007 Filter Stack-based memory corruption
8302| [3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
8303| [3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record Stack-based memory corruption
8304| [3012] Microsoft Windows 2000/Server 2003 DNS Service Stack-based memory corruption
8305| [36039] Microsoft Content Management Server 2001 memory corruption
8306| [36052] Microsoft Windows 2000 Heap-based memory corruption
8307| [36051] Microsoft Word 2007 file798-1.doc memory corruption
8308| [36050] Microsoft Word 2007 file789-1.doc memory corruption
8309| [36040] Microsoft Content Management Server 2001 cross site scripting
8310| [3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
8311| [36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting
8312| [36002] Microsoft Windows 2000/XP denial of service
8313| [2990] Microsoft Windows 2000/Vista/XP Animated Cursor Stack-based memory corruption
8314| [36515] Microsoft Windows 2000/Server 2003/XP memory corruption
8315| [35846] Microsoft Windows 2000/Server 2003 Default Configuration information disclosure
8316| [35373] Microsoft Excel 2003 denial of service
8317| [35372] Microsoft Office 2003 denial of service
8318| [35206] Microsoft Windows Server 2003/XP Crash denial of service
8319| [35161] Microsoft ISA Server 2004 unknown vulnerability
8320| [35236] Microsoft Publisher 2007 memory corruption
8321| [2939] Microsoft Word 2000 memory corruption
8322| [34994] Microsoft Windows 2000 OLE Dialog memory corruption
8323| [34993] Microsoft Office 2000/2003/Xp memory corruption
8324| [35001] Microsoft Office 2000/2003/2004/Xp memory corruption
8325| [35000] Microsoft Word 2000/2002/2003 memory corruption
8326| [2933] Microsoft Windows 2000 SP4/Server 2003 SP1/XP SP2 OLE Dialog Stack-based memory corruption
8327| [2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
8328| [2884] Microsoft Word 2000/2002/2003 memory corruption
8329| [34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet Heap-based memory corruption
8330| [34320] Microsoft Office 2000/2003/2004/Xp memory corruption
8331| [34319] Microsoft Office 2000/2003/2004/Xp memory corruption
8332| [34318] Microsoft Office 2000/2003/2004/Xp memory corruption
8333| [34322] Microsoft Office 2000/2003/Xp memory corruption
8334| [2811] Microsoft Windows 2000/Server 2003/XP VML Vector Markup Language Integer memory corruption
8335| [2810] Microsoft Outlook 2000/2002/2003 Office Saved Search OSS File memory corruption
8336| [2809] Microsoft Outlook 2000/2002/2003 Header denial of service
8337| [2808] Microsoft Outlook 2000/2002/2003 Meeting VEVENT memory corruption
8338| [2807] Microsoft Excel 2000/2002/2003 XLS File memory corruption
8339| [34126] Microsoft Office 2003 memory corruption
8340| [34122] Microsoft Office Web Components 2000 memory corruption
8341| [2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum denial of service
8342| [2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
8343| [33851] Microsoft Word 2000/2002/2003 12122006-djtest.doc memory corruption
8344| [2739] Microsoft Windows 2000 Remote Installation Service Fehlende Authentifizierung
8345| [2738] Microsoft Windows 2000/Server 2003/XP SNMP memory corruption
8346| [2737] Microsoft Windows Server 2003/XP Manifest denial of service
8347| [33766] Microsoft Word 2000/2002/2003 memory corruption
8348| [2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
8349| [2717] Microsoft Windows 2000 Print Spooler Memory Consumption denial of service
8350| [2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
8351| [2688] Microsoft Windows 2000/Server 2003/XP Client Service for Netware denial of service
8352| [2687] Microsoft Windows 2000/Server 2003/XP Agent ActiveX ACF File Heap-based memory corruption
8353| [2686] Microsoft Windows 2000/Server 2003/XP Client Service for Netware memory corruption
8354| [2684] Microsoft Windows 2000/XP Workstation Service Stack-based memory corruption
8355| [2659] Microsoft Windows 2000/XP GDI Crash memory corruption
8356| [2655] Microsoft Windows 2000/Server 2003/XP XML Core Services memory corruption
8357| [33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption
8358| [2610] Microsoft PowerPoint 2003 PPT Document NULL Pointer Dereference denial of service
8359| [32693] Microsoft Word 2004 memory corruption
8360| [32686] Microsoft Office 2000/2001/2003/2004 Integer memory corruption
8361| [32690] Microsoft Office 2000/2003/2004/Xp memory corruption
8362| [32676] Microsoft Office 2000/2001/2003/2004 memory corruption
8363| [32675] Microsoft Office 2000/2003/2004/Xp memory corruption
8364| [32694] Microsoft Windows 2000 memory corruption
8365| [32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
8366| [32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
8367| [32687] Microsoft Word 2000/2002 memory corruption
8368| [32685] Microsoft Office 2000/2001/2003/2004 memory corruption
8369| [2601] Microsoft Windows Server 2003/XP IPv6 Stack denial of service
8370| [2600] Microsoft Windows Server 2003/XP IPv6 Stack TCP denial of service
8371| [2599] Microsoft Windows Server 2003/XP IPv6 Stack ICMP denial of service
8372| [2598] Microsoft Windows Server 2003/XP Object Packager privilege escalation
8373| [2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
8374| [2596] Microsoft Office 2000/2003/2004/Xp Value Read memory corruption
8375| [2595] Microsoft Office 2000/2001/2003/2004 Diagram Value memory corruption
8376| [2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
8377| [2593] Microsoft ASP.NET 2.0 cross site scripting
8378| [141652] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
8379| [141639] Microsoft SharePoint Foundation 2013 SP1 cross site request forgery
8380| [141637] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
8381| [141636] Microsoft ASP.NET Core 2.1/2.2/3.0 Project Template privilege escalation
8382| [141635] Microsoft .NET Core 2.1/2.2 denial of service
8383| [141633] Microsoft Excel up to 2019 memory corruption
8384| [141631] Microsoft Windows up to Server 2019 SMB Client Driver information disclosure
8385| [141630] Microsoft Windows up to Server 2019 denial of service
8386| [141629] Microsoft Windows up to Server 2019 Update Delivery Optimization privilege escalation
8387| [141627] Microsoft Windows up to Server 2019 GDI information disclosure
8388| [141626] Microsoft Windows up to Server 2019 Win32k memory corruption
8389| [141621] Microsoft Windows up to Server 2019 Kernel information disclosure
8390| [141620] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
8391| [141619] Microsoft Windows up to Server 2019 ALPC privilege escalation
8392| [141618] Microsoft Windows up to Server 2019 hdAudio.sys privilege escalation
8393| [141617] Microsoft Windows up to Server 2019 Store Installer privilege escalation
8394| [141616] Microsoft Windows up to Server 2019 ALPC privilege escalation
8395| [141615] Microsoft Windows up to Server 2019 Winlogon privilege escalation
8396| [141614] Microsoft Windows up to Server 2019 Compatibility Appraiser privilege escalation
8397| [141611] Microsoft Office up to 2019 Security Feature privilege escalation
8398| [141610] Microsoft Excel up to 2019 information disclosure
8399| [141609] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
8400| [141608] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site request forgery
8401| [141607] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 privilege escalation
8402| [141606] Microsoft Windows up to Server 2019 Win32k memory corruption
8403| [141605] Microsoft Windows up to Server 2019 Hyper-V information disclosure
8404| [141604] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
8405| [141603] Microsoft Windows up to Server 2019 GDI information disclosure
8406| [141602] Microsoft Windows up to Server 2019 DirectWrite information disclosure
8407| [141601] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
8408| [141600] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
8409| [141599] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
8410| [141598] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
8411| [141597] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
8412| [141596] Microsoft Windows up to Server 2019 DirectWrite information disclosure
8413| [141595] Microsoft Windows up to Server 2019 DirectWrite information disclosure
8414| [141594] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
8415| [141593] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
8416| [141592] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
8417| [141591] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
8418| [141590] Microsoft Windows up to Server 2019 Text Service Framework command injection
8419| [141589] Microsoft Exchange Server 2016 CU12/2016 CU13/2019 CU1/2019 CU2 denial of service
8420| [141583] Microsoft Lync Server 2013 Conference directory traversal
8421| [141581] Microsoft Windows up to Server 2016 Hyper-V denial of service
8422| [141580] Microsoft Windows up to Server 2019 Transaction Manager information disclosure
8423| [141579] Microsoft Windows up to Server 2016 DirectX information disclosure
8424| [141577] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
8425| [141575] Microsoft Windows up to Server 2019 lnk File privilege escalation
8426| [141564] Microsoft SharePoint Enterprise Server 2010 SP1/2013 SP1/2016/2019 Markup Application Package privilege escalation
8427| [141561] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
8428| [141560] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
8429| [139972] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
8430| [139971] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
8431| [139970] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
8432| [139969] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
8433| [139968] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
8434| [139965] Microsoft Windows up to Server 2019 Kernel information disclosure
8435| [139963] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
8436| [139962] Microsoft Windows up to Server 2019 Remote Desktop Protocol denial of service
8437| [139960] Microsoft Windows up to Server 2019 DHCP Server denial of service
8438| [139958] Microsoft Windows up to Server 2019 DHCP Server denial of service
8439| [139957] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
8440| [139956] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 Session Object information disclosure
8441| [139955] Microsoft Windows up to Server 2019 SyncController.dll privilege escalation
8442| [139949] Microsoft Windows up to Server 2019 XmlLite Runtime XmlLite.dll denial of service
8443| [139946] Microsoft Windows up to Server 2019 Core Shell COM Server Registrar COM Call privilege escalation
8444| [139942] Microsoft Windows up to Server 2019 rpcss.dll memory corruption
8445| [139941] Microsoft Windows up to Server 2019 DirectX memory corruption
8446| [139937] Microsoft Windows up to Server 2019 Azure Active Directory information disclosure
| [139936] Microsoft Windows up to Server 2019 SymCrypt information disclosure
| [139935] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 NTFS privilege escalation
| [139934] Microsoft Windows 7 SP1/Server 2018 R2 SP1/Server 2018 SP2 Win32k memory corruption
| [139933] Microsoft Windows up to Server 2019 p2pimsvc privilege escalation
| [139932] Microsoft Windows up to Server 2019 Kernel memory corruption
| [139931] Microsoft Windows up to Server 2019 File Signature Security Feature CAB File privilege escalation
| [139930] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [139928] Microsoft Windows up to Server 2019 Kernel memory corruption
| [139927] Microsoft Windows up to Server 2019 Graphics Component information disclosure
| [139926] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [139925] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [139924] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [139922] Microsoft Windows up to Server 2019 Graphics Component information disclosure
| [139921] Microsoft Windows up to Server 2019 Graphics Component information disclosure
| [139920] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [139919] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [139918] Microsoft Windows up to Server 2019 Graphics Component information disclosure
| [139917] Microsoft Windows up to Server 2019 Graphics Component information disclosure
| [139916] Microsoft Windows up to Server 2019 XML Core Services MSXML Parser privilege escalation
| [139914] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
| [139913] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
| [139912] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Hyper-V Network Switch denial of service
| [139911] Microsoft Windows up to Server 2019 denial of service
| [139910] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
| [139909] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
| [139908] Microsoft Windows up to Server 2019 Bluetooth weak encryption
| [139907] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [139906] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [139902] Microsoft Word up to 2019 memory corruption
| [139901] Microsoft Outlook up to 2019 memory corruption
| [139895] Microsoft Windows up to Server 2019 lnk File privilege escalation
| [139894] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [139893] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [139892] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [139891] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139890] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139889] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139888] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139887] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139886] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139880] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [139879] Microsoft Windows up to Server 2019 DHCP Client memory corruption
| [139878] Microsoft Windows up to Server 2019 Hyper-V Network Switch memory corruption
| [139877] Microsoft Outlook up to 2019 memory corruption
| [139876] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [139875] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [137590] Microsoft ASP.NET Core 2.1/2.2 Open Redirect
| [137589] Microsoft Exchange Server 2013 CU23/2016 CU12/2016 CU13/2019 CU1/2019 CU2 cross site scripting
| [137588] Microsoft Exchange Server 2010 SP3/2013 CU23/2016 CU12/2016 CU13 Web Services privilege escalation
| [137587] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
| [137586] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
| [137585] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
| [137584] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137583] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137581] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137580] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137579] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137578] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137577] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137576] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137575] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137574] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137568] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
| [137563] Microsoft Windows up to Server 2019 DirectWrite information disclosure
| [137562] Microsoft Windows up to Server 2019 Win32k information disclosure
| [137561] Microsoft Windows up to Server 2019 GDI information disclosure
| [137560] Microsoft Windows up to Server 2019 GDI information disclosure
| [137559] Microsoft Windows up to Server 2019 DirectWrite information disclosure
| [137555] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [137554] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [137553] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [137549] Microsoft Windows up to Server 2016 DLL privilege escalation
| [137544] Microsoft Windows up to Server 2019 Kernel information disclosure
| [137543] Microsoft Windows up to Server 2019 Kernel information disclosure
| [137542] Microsoft SQL Server 2014 SP2/2016 SP1/2017 privilege escalation
| [137541] Microsoft Windows up to Server 2019 memory corruption
| [137540] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
| [137539] Microsoft Windows up to Server 2016 DirectX memory corruption
| [137538] Microsoft Windows Server 1803/Server 1903/Server 2016/Server 2019 ADFS Security Feature privilege escalation
| [137537] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [137535] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [137533] Microsoft Windows up to Server 2019 SymCrypt denial of service
| [137527] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [137512] Microsoft Windows up to Server 2019 DHCP memory corruption
| [136414] Microsoft Azure DevOps Server 2019 cross site request forgery
| [136349] Microsoft Windows up to Server 2019 Event Viewer eventvwr.msc XML External Entity
| [136348] Microsoft Windows up to Server 2019 Task Scheduler privilege escalation
| [136347] Microsoft Windows up to Server 2019 AppXSVC privilege escalation
| [136345] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
| [136344] Microsoft Windows up to Server 2019 GDI information disclosure
| [136340] Microsoft Windows up to Server 2019 GDI information disclosure
| [136337] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
| [136336] Microsoft Windows up to Server 2019 Kernel privilege escalation
| [136335] Microsoft Windows up to Server 2019 NTLM Downgrade weak authentication
| [136334] Microsoft Windows up to Server 2019 Kernel information disclosure
| [136333] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
| [136330] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
| [136329] Microsoft SharePoint Server 2016/2019 cross site scripting
| [136328] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
| [136327] Microsoft Lync Server 2010/2013 denial of service
| [136326] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136325] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136324] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136323] Microsoft Windows up to Server 2019 denial of service
| [136321] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Audio Service privilege escalation
| [136320] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136319] Microsoft Windows up to Server 2019 Security Credentials information disclosure
| [136318] Microsoft Windows up to Server 2019 DirectX privilege escalation
| [136317] Microsoft Windows up to Server 2019 Win32k memory corruption
| [136314] Microsoft Windows up to Server 2019 Win32k memory corruption
| [136312] Microsoft Windows up to Server 2019 GDI information disclosure
| [136310] Microsoft Windows up to Server 2019 GDI information disclosure
| [136308] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136306] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [136305] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
| [136304] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
| [136303] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [136301] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136299] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service Reboot denial of service
| [136296] Microsoft Windows up to Server 2019 Common Log File System Driver memory corruption
| [136295] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [136293] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136292] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136291] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136290] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136289] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136288] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136287] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [136286] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [136285] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [136284] Microsoft Windows up to Server 2019 Kernel memory corruption
| [136276] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [136275] Microsoft Windows 10/10 1607/10 1703/10 1709/Server 2016 Hyper-V memory corruption
| [136274] Microsoft Windows up to Server 2019 ActiveX memory corruption
| [136273] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [134750] Microsoft ASP.NET Core 2.1/2.2 denial of service
| [134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [134744] Microsoft Windows up to Server 2019 GDI information disclosure
| [134743] Microsoft SharePoint Server 2013 SP1/2016 cross site scripting
| [134742] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
| [134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
| [134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 cross site scripting
| [134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [134737] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [134736] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
| [134735] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [134734] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
| [134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
| [134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134715] Microsoft Windows up to Server 2019 Win32k memory corruption
| [134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134710] Microsoft Windows up to Server 2019 GDI information disclosure
| [134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
| [134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
| [134701] Microsoft Windows up to Server 2019 Windows Defender Application Control privilege escalation
| [134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
| [134699] Microsoft Windows up to Server 2019 NDIS ndis.sys memory corruption
| [134698] Microsoft Windows up to Server 2019 OLE memory corruption
| [134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
| [134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133232] Microsoft Azure DevOps Server 2019 cross site scripting
| [133229] Microsoft Azure DevOps Server 2019 cross site scripting
| [133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
| [133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation
| [133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
| [133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
| [133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
| [133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
| [133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
| [133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
| [133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
| [133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
| [133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
| [133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [133204] Microsoft Office/Excel up to 2019 memory corruption
| [133203] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133202] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133201] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133200] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133199] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
| [133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access cross site scripting
| [133197] Microsoft ASP.NET Core 2.2 Request denial of service
| [133196] Microsoft Windows up to Server 2019 Win32k information disclosure
| [133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
| [133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133192] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
| [133189] Microsoft Windows up to Server 2019 CSRSS memory corruption
| [133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133186] Microsoft Windows up to Server 2019 TCP/IP Stack Fragmented IP Packet information disclosure
| [133185] Microsoft Windows up to Server 2019 Win32k memory corruption
| [133183] Microsoft Windows up to Server 2019 Win32k memory corruption
| [133182] Microsoft Windows up to Server 2019 Win32k memory corruption
| [133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Document Code Execution
| [133180] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133179] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys privilege escalation
| [133174] Microsoft Windows up to Server 2019 GDI+ privilege escalation
| [133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
| [133166] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133165] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133164] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133163] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133162] Microsoft Windows up to Server 2019 MS XML Code Execution
| [131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
| [131685] Microsoft Windows up to Server 2019 SMB information disclosure
| [131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
| [131681] Microsoft Windows up to Server 2019 Win32k memory corruption
| [131679] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
| [131674] Microsoft Windows up to Server 2019 Win32k information disclosure
| [131673] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131672] Microsoft Windows up to Server 2019 GDI information disclosure
| [131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
| [131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
| [131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
| [131658] Microsoft Windows up to Server 2019 information disclosure
| [131657] Microsoft Windows up to Server 2019 denial of service
| [131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
| [131653] Microsoft Windows up to Server 2019 SMB information disclosure
| [131652] Microsoft Windows up to Server 2019 SMB information disclosure
| [131651] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131650] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V denial of service
| [131649] Microsoft Windows up to Server 2019 Kernel memory corruption
| [131648] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [131644] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [131632] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131631] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131630] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
| [131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
| [131619] Microsoft Windows up to Server 2019 MS XML privilege escalation
| [131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [131328] Microsoft Windows up to Server 2016 Kernel information disclosure
| [130832] Microsoft 2013 SP1 spoofing
| [130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
| [130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
| [130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
| [130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
| [130823] Microsoft Office up to 2019 Connectivity Engine privilege escalation
| [130822] Microsoft Office up to 2019 Connectivity Engine privilege escalation
| [130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
| [130818] Microsoft Windows up to Server 2019 GDI information disclosure
| [130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [130814] Microsoft Windows up to Server 2019 privilege escalation
| [130809] Microsoft Windows up to Server 2019 Defender Firewall Security privilege escalation
| [130808] Microsoft Windows up to Server 2019 information disclosure
| [130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
| [130806] Microsoft Windows up to Server 2019 SMB privilege escalation
| [130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130803] Microsoft Windows up to Server 2019 SMB privilege escalation
| [130802] Microsoft Windows up to Server 2019 Win32k information disclosure
| [130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130799] Microsoft Windows up to Server 2016 Win32k memory corruption
| [130798] Microsoft Windows up to Server 2019 GDI information disclosure
| [130797] Microsoft Windows up to Server 2019 GDI information disclosure
| [130796] Microsoft Windows up to Server 2019 GDI information disclosure
| [130793] Microsoft Windows up to Server 2019 GDI information disclosure
| [130792] Microsoft Windows up to Server 2019 HID information disclosure
| [130791] Microsoft Windows up to Server 2019 HID information disclosure
| [130790] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
| [130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
| [129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
| [128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct privilege escalation
| [128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
| [128761] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128760] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128759] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128758] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128757] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128756] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128755] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128754] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128753] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128752] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
| [128749] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128747] Microsoft ASP.NET Core 2.1 Web Request denial of service
| [128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [128745] Microsoft Office up to 2019 Word Macro information disclosure
| [128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
| [128739] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
| [128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
| [128736] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128735] Microsoft ASP.NET Core 2.1/2.2 Web Request denial of service
| [128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
| [128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
| [128728] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128718] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [128717] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V memory corruption
| [127925] Microsoft SharePoint Enterprise Server 2016 Web Request cross site scripting
| [127882] Microsoft Dynamics NAV 2016/2017 Web Request cross site scripting
| [127881] Microsoft Windows 10 1809/Server 2019 Object denial of service
| [127880] Microsoft Windows up to Server 2019 Win32k Object memory corruption
| [127828] Microsoft Windows up to Server 2019 Win32k memory corruption
| [127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
| [127826] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Win32k ASLR privilege escalation
| [127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
| [127824] Microsoft Excel up to 2019 Out-of-Bounds memory corruption
| [127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
| [127821] Microsoft Windows up to Server 2019 Connected User Experiences and Telemetry Service denial of service
| [127820] Microsoft Windows up to Server 2019 Kernel memory corruption
| [127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data privilege escalation
| [127817] Microsoft Excel up to 2019 information disclosure
| [127816] Microsoft Windows up to Server 2019 GDI information disclosure
| [127815] Microsoft Windows up to Server 2019 GDI information disclosure
| [127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search cross site request forgery
| [127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
| [127806] Microsoft Outlook up to 2019 memory corruption
| [127805] Microsoft Excel up to 2019 memory corruption
| [127804] Microsoft Excel up to 2019 memory corruption
| [127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
| [127801] Microsoft Windows up to Server 2019 DNS Server privilege escalation
| [126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 Code Execution
| [126755] Microsoft .NET Core 2.1 privilege escalation
| [126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji denial of service
| [126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
| [126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
| [126746] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
| [126744] Microsoft Office up to 2019 Word memory corruption
| [126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
| [126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
| [126736] Microsoft Windows up to Server 2019 Win32k memory corruption
| [126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
| [126733] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DirectX memory corruption
| [126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
| [126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
| [126727] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126726] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126725] Microsoft Windows up to Server 2019 DirectX memory corruption
| [126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
| [126718] Microsoft Windows up to Server 2016 Search memory corruption
| [126717] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 memory corruption
| [126716] Microsoft Office up to 2019 Excel memory corruption
| [126714] Microsoft Windows up to Server 2019 PowerShell unknown vulnerability
| [126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
| [126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
| [125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
| [125122] Microsoft Windows up to Server 2016 TCP/IP information disclosure
| [125121] Microsoft Windows up to Server 2019 DirectX memory corruption
| [125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
| [125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
| [125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
| [125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
| [125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
| [125113] Microsoft Windows up to Server 2019 Kernel memory corruption
| [125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy privilege escalation
| [125110] Microsoft Windows up to Server 2019 DNS Global Blocklist privilege escalation
| [125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
| [125108] Microsoft Windows up to Server 2019 Filter Manager memory corruption
| [125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125104] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125100] Microsoft Office/PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125099] Microsoft Office/Excel up to 2019 Protected View memory corruption
| [125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [125097] Microsoft Windows up to Server 2019 DirectX Graphics memory corruption
| [125096] Microsoft Windows up to Server 2019 Win32k memory corruption
| [125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access cross site scripting
| [125093] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125092] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125091] Microsoft Windows up to Server 2019 MS XML privilege escalation
| [124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx Parameter Server-Side Request Forgery
| [124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls Server-Side Request Forgery
| [123995] Microsoft Lync 2011 on Mac Security Feature Messages Download privilege escalation
| [123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
| [123874] Microsoft Windows up to Server 2016 Kernel information disclosure
| [123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
| [123868] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
8867| [123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 RT SP1/2013 SP1/2016 cross site scripting
8868| [123861] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
8869| [123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
8870| [123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
8871| [123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
8872| [123849] Microsoft Windows up to Server 2016 SMB denial of service
8873| [123846] Microsoft Office 2016 on Win/Mac memory corruption
8874| [123844] Microsoft Word 2013 RT SP1/2013 SP1/2016 PDF File memory corruption
8875| [123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
8876| [123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
8877| [123830] Microsoft Windows up to Server 2016 Hyper-V memory corruption
8878| [123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
8879| [123827] Microsoft Windows up to Server 2016 Image memory corruption
8880| [123825] Microsoft Windows up to Server 2016 MSXML Parser privilege escalation
8881| [123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
8882| [122887] Microsoft Office 2016 on Mac AutoUpdate memory corruption
8883| [122886] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
8884| [122885] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
8885| [122884] Microsoft Windows up to Server 2016 Win32k memory corruption
8886| [122883] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
8887| [122875] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
8888| [122874] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
8889| [122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
8890| [122871] Microsoft PowerPoint 2010 SP2 memory corruption
8891| [122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
8892| [122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
8893| [122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
8894| [122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
8895| [122848] Microsoft Windows Security Feature 2FA weak authentication
8896| [122834] Microsoft Windows up to Server 2016 LNK memory corruption
8897| [122825] Microsoft Windows up to Server 2016 Graphics memory corruption
8898| [122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
8899| [121208] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R Attachment privilege escalation
8900| [121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
8901| [121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
8902| [121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
8903| [121111] Microsoft Windows up to Server 2016 Kernel memory corruption
8904| [121110] Microsoft Windows up to Server 2016 Wordpad privilege escalation
8905| [121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll denial of service
8906| [121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
8907| [121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
8908| [121098] Microsoft Office 2016/2016 C2R memory corruption
8909| [121092] Microsoft Windows up to Server 2016 FTP Server denial of service
8910| [121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
8911| [119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
8912| [119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
8913| [119476] Microsoft Publisher 2010 SP2 OLE Object PUB File privilege escalation
8914| [119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
8915| [119474] Microsoft Windows up to Server 2016 GDI information disclosure
8916| [119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys denial of service
8917| [119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
8918| [119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
8919| [119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
8920| [119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
8921| [119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
8922| [119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
8923| [119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
8924| [119459] Microsoft Windows up to Server 2016 memory corruption
8925| [119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
8926| [119456] Microsoft Windows up to Server 2016 Kernel information disclosure
8927| [119455] Microsoft Windows up to Server 2016 denial of service
8928| [119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
8929| [119452] Microsoft Windows up to Server 2016 HIDParser memory corruption
8930| [119448] Microsoft Windows up to Server 2016 Code Integrity Module denial of service
8931| [119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
8932| [119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
8933| [119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys memory corruption
8934| [119436] Microsoft Windows up to Server 2016 memory corruption
8935| [119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
8936| [118120] Microsoft Office 2016 on Mac XML Data Code Execution
8937| [117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 Web Request cross site scripting
8938| [117560] Microsoft Exchange Server up to 2016 CU9 Code Execution memory corruption
8939| [117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access Web Request cross site scripting
8940| [117558] Microsoft Windows up to Server 2016 Code Execution memory corruption
8941| [117507] Microsoft Infopath 2013 SP1 memory corruption
8942| [117505] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
8943| [117504] Microsoft Office 2010 SP2 information disclosure
8944| [117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access cross site scripting
8945| [117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
8946| [117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
8947| [117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access cross site scripting
8948| [117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
8949| [117498] Microsoft Office 2016 C2R Security Feature privilege escalation
8950| [117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
8951| [117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
8952| [117473] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
8953| [117472] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
8954| [117471] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
8955| [117470] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
8956| [117469] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
8957| [117468] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
8958| [117444] Microsoft Windows up to Server 2016 Hyper-V vSMB memory corruption
8959| [117443] Microsoft Windows up to Server 2016 Hyper-V memory corruption
8960| [117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
8961| [116132] Microsoft Office 2016 Memory information disclosure
8962| [116051] Microsoft SharePoint Enterprise Server 2016 cross site scripting
8963| [116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 cross site scripting
8964| [116049] Microsoft SharePoint Enterprise Server 2013/2016 privilege escalation
8965| [116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem memory corruption
8966| [116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll memory corruption
8967| [116046] Microsoft SharePoint Enterprise Server 2013/2016 Share cross site scripting
8968| [116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
8969| [116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol denial of service
8970| [116031] Microsoft Windows up to Server 2016 Kernel ASLR information disclosure
8971| [116030] Microsoft Windows up to Server 2016 SNMP Service denial of service
8972| [116026] Microsoft Windows up to Server 2016 Kernel information disclosure
8973| [116024] Microsoft Windows up to Server 2016 HTTP.sys denial of service
8974| [116023] Microsoft Office up to 2016 C2R information disclosure
8975| [116022] Microsoft Excel 2010 SP2 memory corruption
8976| [116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Active Directory privilege escalation
8977| [116019] Microsoft Windows up to Server 2016 Kernel information disclosure
8978| [116018] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
8979| [116017] Microsoft Excel up to 2016 C2R memory corruption
8980| [116016] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Graphics memory corruption
8981| [116014] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
8982| [116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
8983| [116008] Microsoft Windows up to Server 2016 Graphics memory corruption
8984| [116007] Microsoft Windows up to Server 2016 Graphics memory corruption
8985| [116006] Microsoft Windows up to Server 2016 Graphics memory corruption
8986| [116005] Microsoft Windows up to Server 2016 Graphics memory corruption
8987| [116004] Microsoft Windows up to Server 2016 Graphics memory corruption
8988| [116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
8989| [115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
8990| [115804] Microsoft Windows up to Server 2016 Malware Protection Engine privilege escalation
8991| [114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
8992| [114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
8993| [114573] Microsoft SharePoint Enterprise Server 2016 cross site scripting
8994| [114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
8995| [114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake privilege escalation
8996| [114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Kernel information disclosure
8997| [114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
8998| [114562] Microsoft SharePoint Enterprise Server 2016 cross site scripting
8999| [114560] Microsoft SharePoint Enterprise Server 2016 cross site scripting
9000| [114559] Microsoft SharePoint Enterprise Server 2016 cross site scripting
9001| [114558] Microsoft SharePoint Enterprise Server 2016 cross site scripting
9002| [114557] Microsoft SharePoint Enterprise Server 2016 cross site scripting
9003| [114556] Microsoft SharePoint Enterprise Server 2016 cross site scripting
9004| [114555] Microsoft SharePoint Enterprise Server 2016 cross site scripting
9005| [114554] Microsoft SharePoint Enterprise Server 2016 cross site scripting
9006| [114553] Microsoft SharePoint Enterprise Server 2016 cross site scripting
9007| [114552] Microsoft SharePoint Enterprise Server 2016 cross site scripting
9008| [114551] Microsoft Excel up to 2016 C2R Security Feature privilege escalation
9009| [114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
9010| [114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys privilege escalation
9011| [114547] Microsoft Windows up to Server 2016 Kernel information disclosure
9012| [114546] Microsoft Windows up to Server 2016 Kernel information disclosure
9013| [114545] Microsoft Windows up to Server 2016 Kernel information disclosure
9014| [114544] Microsoft Windows up to Server 2016 Kernel information disclosure
9015| [114543] Microsoft Windows up to Server 2016 Kernel information disclosure
9016| [114542] Microsoft Windows up to Server 2016 Kernel information disclosure
9017| [114541] Microsoft Windows up to Server 2016 Kernel information disclosure
9018| [114540] Microsoft Windows up to Server 2016 Kernel information disclosure
9019| [114536] Microsoft Windows up to Server 2016 CredSSP privilege escalation
9020| [114535] Microsoft Windows up to Server 2016 Hyper-V denial of service
9021| [114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
9022| [114530] Microsoft Windows up to Server 2016 GDI privilege escalation
9023| [114529] Microsoft Windows up to Server 2016 GDI privilege escalation
9024| [114527] Microsoft Windows up to Server 2016 Kernel information disclosure
9025| [114526] Microsoft Windows up to Server 2016 Kernel information disclosure
9026| [114525] Microsoft Windows up to Server 2016 Kernel information disclosure
9027| [114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
9028| [114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
9029| [114520] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge privilege escalation
9030| [114518] Microsoft Windows up to Server 2016 Remote Assistance information disclosure
9031| [114517] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge VFS privilege escalation
9032| [114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
9033| [113835] Microsoft Identity Manager 2016 SP1 cross site scripting
9034| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
9035| [113260] Microsoft Windows up to Server 2016 Kernel memory corruption
9036| [113259] Microsoft Windows 10/Server 1709/Server 2016 NTFS privilege escalation
9037| [113254] Microsoft Windows up to Server 2016 Kernel information disclosure
9038| [113253] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
9039| [113252] Microsoft Windows up to Server 2016 Kernel memory corruption
9040| [113250] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
9041| [113249] Microsoft Windows up to Server 2016 Kernel memory corruption
9042| [113248] Microsoft Windows up to Server 2016 Kernel information disclosure
9043| [113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
9044| [113242] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
9045| [113241] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
9046| [113240] Microsoft Windows 10/Server 1709/Server 2016 AppContainer privilege escalation
9047| [113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
9048| [113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
9049| [113233] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Uninitialized Memory information disclosure
9050| [113232] Microsoft Excel 2016 memory corruption
9051| [113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
9052| [113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
9053| [111580] Microsoft Office 2016 on Mac Email Attachment spoofing
9054| [111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
9055| [111567] Microsoft Office 2010/2013/2016 memory corruption
9056| [111564] Microsoft Word 2016 memory corruption
9057| [111562] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
9058| [111561] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
9059| [128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
9060| [111358] Microsoft Windows up to Server 2016 IPsec denial of service
9061| [110553] Microsoft Office 2016 C2R information disclosure
9062| [110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
9063| [110551] Microsoft Excel 2016 C2R memory corruption
9064| [110550] Microsoft PowerPoint 2013 RT SP1/2013 SP1/2016 information disclosure
9065| [110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
9066| [110547] Microsoft Windows up to Server 2016 its:// Protocol information disclosure
9067| [110531] Microsoft Windows 10/Server 2016 Device Guard privilege escalation
9068| [110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
9069| [110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
9070| [110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
9071| [109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
9072| [109389] Microsoft Excel 2016 Click-to-Run memory corruption
9073| [109360] Microsoft Windows up to Server 2016 Windows Search denial of service
9074| [107759] Microsoft Windows up to Server 2016 SMB denial of service
9075| [107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
9076| [107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
9077| [107753] Microsoft Windows 10/Server 2016 SMB privilege escalation
9078| [107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
9079| [107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
9080| [107740] Microsoft Windows up to Server 2016 Graphics memory corruption
9081| [107739] Microsoft Windows up to Server 2016 Graphics memory corruption
9082| [107738] Microsoft Windows up to Server 2016 Search information disclosure
9083| [107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
9084| [107732] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
9085| [107730] Microsoft Windows up to Server 2016 Search Remote memory corruption
9086| [107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
9087| [107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
9088| [107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
9089| [107724] Microsoft Windows up to Server 2016 Text Services Framework memory corruption
9090| [107723] Microsoft Windows up to Server 2016 SMB information disclosure
9091| [107698] Microsoft Office 2016 memory corruption
9092| [107593] InFocus Mondopad 2.2.08 Excel Spreadsheet Microsoft Office Document Credentials information disclosure
9093| [106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
9094| [106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
9095| [106529] Microsoft PowerPoint 2016 memory corruption
9096| [106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
9097| [106518] Microsoft Edge on Win10/Server 2016 memory corruption
9098| [106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
9099| [106498] Microsoft Windows up to Server 2016 Shell privilege escalation
9100| [106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
9101| [106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
9102| [106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
9103| [106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow memory corruption
9104| [106474] Microsoft Office 2016 memory corruption
9105| [106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
9106| [106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne spoofing
9107| [106470] Microsoft Excel 2011 on Mac memory corruption
9108| [106455] Microsoft Exchange Server 2013/2016 information disclosure
9109| [106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition memory corruption
9110| [105048] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
9111| [105047] Microsoft Edge on Win10/Server 2016 Scripting Engine EntryCall memory corruption
9112| [105046] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
9113| [105040] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
9114| [105038] Microsoft Edge on Win10/Server 2016 Javascript Engine Out-of-Bounds memory corruption
9115| [105037] Microsoft Edge on Win10/Server 2016 Javascript Engine PreVisitCatch memory corruption
9116| [105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
9117| [105033] Microsoft Edge 38.14393.1066.0 on Win10/Server 2016 Use-After-Free information disclosure
9118| [105029] Microsoft Edge on Win10/Server 2016 Javascript Engine ProcessLinkFailedAsmJsModule memory corruption
9119| [105027] Microsoft Edge on Win10/Server 2016 _SelectValueInternal information disclosure
9120| [105024] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
9121| [105023] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
9122| [105017] Microsoft Windows up to Server 2016 Error Reporting information disclosure
9123| [105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V denial of service
9124| [105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
9125| [105010] Microsoft Windows up to Server 2016 Win32k memory corruption
9126| [105009] Microsoft Windows up to Server 2016 Input Method Editor memory corruption
9127| [105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
9128| [104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
9129| [104989] Microsoft Windows up to Server 2016 NetBIOS denial of service
9130| [104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
9131| [104583] Microsoft Outlook up to 2016 C2R Email memory corruption
9132| [104582] Microsoft Outlook up to 2016 C2R Object memory corruption
9133| [103468] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 Open Redirect
9134| [103446] Microsoft Windows up to Server 2016 Search Object privilege escalation
9135| [103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
9136| [103444] Microsoft Windows up to Server 2016 Explorer denial of service
9137| [103442] Microsoft Windows 10/Server 2016 HoloLens WiFi Packet privilege escalation
9138| [103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
9139| [103431] Microsoft Windows up to Server 2016 PowerShell PSObject Object privilege escalation
9140| [103429] Microsoft Windows up to Server 2016 Kerberos weak authentication
9141| [103426] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
9142| [103425] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
9143| [103420] Microsoft Windows up to Server 2016 Kerberos Bypass privilege escalation
9144| [103417] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
9145| [102544] Microsoft Edge on Win10/Server 2016 Fetch API information disclosure
9146| [102543] Microsoft Edge on Win10/Server 2016 Javascript XML DOM Object information disclosure
9147| [102463] Microsoft Project Server 2013 SP1 cross site scripting
9148| [102460] Microsoft Outlook 2016 on Mac HTML spoofing
9149| [102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
9150| [102446] Microsoft Office up to 2016 privilege escalation
9151| [102445] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 privilege escalation
9152| [102443] Microsoft Office up to 2016 privilege escalation
9153| [102412] Microsoft Windows up to Server 2016 PDF information disclosure
9154| [102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
9155| [102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
9156| [102386] Microsoft Windows up to Server 2012 R2 Uniscribe privilege escalation
9157| [102385] Microsoft Windows up to Server 2016 Font Library privilege escalation
9158| [102376] Microsoft Windows up to Server 2016 CAB File privilege escalation
9159| [102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
9160| [102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
9161| [102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords memory corruption
9162| [101817] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
9163| [101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
9164| [101815] Microsoft Windows up to Server 2016 Malware Protection Engine Use-After-Free memory corruption
9165| [101814] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
9166| [101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
9167| [101812] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
9168| [101811] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
9169| [101810] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
9170| [101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
9171| [101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
9172| [101019] Microsoft Skype for Business 2016 memory corruption
9173| [101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 memory corruption
9174| [101016] Microsoft PowerPoint 2011 on Mac memory corruption
9175| [101015] Microsoft PowerPoint 2011 on Mac memory corruption
9176| [101014] Microsoft Office 2010 SP2/2016 memory corruption
9177| [101013] Microsoft Office 2010 SP2/2016 memory corruption
9178| [101002] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
9179| [101001] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
9180| [101000] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
9181| [100999] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
9182| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
9183| [99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
9184| [99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory Lockout privilege escalation
9185| [99682] Microsoft Outlook 2011 on Mac HTML Tag Validator spoofing
9186| [99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
9187| [99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive denial of service
9188| [98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
9189| [98096] Microsoft Exchange 2013 SP1 privilege escalation
9190| [98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
9191| [98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
9192| [98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
9193| [98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
9194| [98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
9195| [98089] Microsoft Office Web Apps 2013 SP1 memory corruption
9196| [98082] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 denial of service
9197| [98081] Microsoft Excel up to 2016 information disclosure
9198| [98080] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
9199| [98079] Microsoft Word 2016 memory corruption
9200| [98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component privilege escalation
9201| [98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
9202| [98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
9203| [98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component information disclosure
9204| [98069] Microsoft Windows up to Server 2012 R2 Color Management memory corruption
9205| [98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
9206| [98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 NULL Pointer Dereference memory corruption
9207| [98017] Microsoft Windows up to Server 2016 PDF memory corruption
9208| [98015] Microsoft Windows 10/Server 2016 Hyper-V denial of service
9209| [98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
9210| [98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch denial of service
9211| [98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
9212| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
9213| [95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
9214| [95125] Microsoft Word/SharePoint Enterprise Server 2016 Document privilege escalation
9215| [94451] Microsoft Office 2011 memory corruption
9216| [94447] Microsoft Office 2010 SP2 memory corruption
9217| [94446] Microsoft Office 2016 memory corruption
9218| [94444] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL Loader memory corruption
9219| [94443] Microsoft Office up to 2016 information disclosure
9220| [94442] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
9221| [93964] Microsoft Windows 7 Excel Starter 2010 XXE information disclosure
9222| [93543] Microsoft SQL Server 2016 FILESTREAM Path privilege escalation
9223| [93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
9224| [93416] Microsoft SQL Server 2014 SP2/2016/up to 2012 SP3 Server Agent atxcore.dll privilege escalation
9225| [93415] Microsoft SQL Server 2016 MDS API cross site scripting
9226| [93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
9227| [93413] Microsoft SQL Server 2016/up to 2014 SP2 RDBMS Engine privilege escalation
9228| [93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
9229| [93393] Microsoft Office up to 2016 memory corruption
9230| [93392] Microsoft Office up to 2016 memory corruption
9231| [93391] Microsoft Office up to 2016 memory corruption
9232| [93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
9233| [93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
9234| [92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
9235| [92584] Microsoft Office up to 2016 memory corruption
9236| [91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
9237| [91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
9238| [91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
9239| [91555] Microsoft Exchange 2013/2016 Link spoofing
9240| [91550] Microsoft Office 2016 memory corruption
9241| [91547] Microsoft Office 2010 memory corruption
9242| [91543] Microsoft Office up to 2016 memory corruption
9243| [91541] Microsoft Office 2013/2016 APP-V ASLR privilege escalation
9244| [90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
9245| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
9246| [90704] Microsoft Office 2013/2013 RT/2016 memory corruption
9247| [89043] Microsoft Office up to 2016 memory corruption
9248| [89041] Microsoft Office up to 2016 memory corruption
9249| [89040] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 memory corruption
9250| [89038] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature privilege escalation
9251| [89037] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
9252| [87961] Microsoft Windows up to Server 2012 R2 Search denial of service
9253| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
9254| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
9255| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
9256| [87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
9257| [87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
9258| [87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server Use-After-Free memory corruption
9259| [87936] Microsoft Office up to 2016 memory corruption
9260| [87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
9261| [87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell memory corruption
9262| [87149] Microsoft Office up to 2016 memory corruption
9263| [87148] Microsoft Office 2010 Graphics memory corruption
9264| [87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
9265| [82229] Microsoft Excel 2010 SP2 Office Document memory corruption
9266| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
9267| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
9268| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
9269| [81274] Microsoft Office up to 2016 memory corruption
9270| [81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library memory corruption
9271| [81269] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
9272| [81268] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
9273| [80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
9274| [80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP memory corruption
9275| [80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service denial of service
9276| [80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
9277| [80870] Microsoft Office up to 2016 memory corruption
9278| [80868] Microsoft Office up to 2016 memory corruption
9279| [80867] Microsoft Office up to 2016 memory corruption
9280| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
9281| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
9282| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
9283| [80231] Microsoft Excel up to 2016 Office Document memory corruption
9284| [80229] Microsoft Exchange Server 2013 CU 10/2013 CU 11/2013 SP1/2016 Outlook Web Access cross site scripting
9285| [80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
9286| [80227] Microsoft Exchange Server 2013 CU 10/2013 SP1/2016 Outlook Web Access cross site scripting
9287| [80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
9288| [80218] Microsoft Office up to 2016 ASLR privilege escalation
9289| [80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
9290| [80216] Microsoft Office up to 2016 Office Document memory corruption
9291| [80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
9292| [128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
9293| [79508] Microsoft Windows up to Server 2012 R2 Library Loader memory corruption
9294| [79500] Microsoft Office 2010/2011/2016 memory corruption
9295| [79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
9296| [79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
9297| [79117] Microsoft Outlook 2011/2016 on Mac HTML spoofing
9298| [78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
9299| [77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
9300| [77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
9301| [77638] Microsoft Lync Server 2013 cross site scripting
9302| [77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
9303| [77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access Stack-Based information disclosure
9304| [77050] Microsoft Office up to 2016 memory corruption
9305| [77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
9306| [76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
9307| [76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service memory corruption
9308| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
9309| [75793] Microsoft Exchange Server 2013 CU8 cross site scripting
9310| [75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
9311| [75791] Microsoft Office 2013 SP1 Office Document Uninitialized Memory memory corruption
9312| [75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
9313| [75786] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
9314| [66976] Microsoft Access 2010 VBA Datatype denial of service
9315| [74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
9316| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
9317| [74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
9318| [74835] Microsoft Office 2011 on Mac Use-After-Free cross site scripting
9319| [74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
9320| [74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
9321| [74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
9322| [73967] Microsoft Office up to 2013 SP1 Office File memory corruption
9323| [73966] Microsoft Office up to 2013 SP1 RTF File memory corruption
9324| [73965] Microsoft Office up to 2013 SP1 Use-After-Free memory corruption
9325| [73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
9326| [69162] Microsoft System Center Virtual Machine Manager 2012 privilege escalation
9327| [69160] Microsoft Windows up to Server 2012 Process privilege escalation
9328| [69156] Microsoft Office 2010 Object memory corruption
9329| [68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
9330| [68417] Microsoft Exchange 2013 Outlook Web Access Token spoofing
9331| [68191] Microsoft SharePoint 2010 cross site scripting
9332| [67828] Microsoft ASP.NET MVC 2/3/4/5/5.1 System.Web.Mvc.dll cross site scripting
9333| [67518] Microsoft Lync 2013 denial of service
9334| [67517] Microsoft Lync 2013 Script Reflected cross site scripting
9335| [67516] Microsoft Lync 2010/2013 denial of service
9336| [67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call privilege escalation
9337| [67360] Microsoft SharePoint 2013 App Permission Management cross site scripting
9338| [13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
9339| [13547] Microsoft Lync 2010/2013 Meeting cross site scripting
9340| [13228] Microsoft Office 2013 Document privilege escalation
9341| [68577] Microsoft ASP.NET 2014.3.1209 Telerik UI RadAsyncUpload directory traversal
9342| [12267] Microsoft Forefront Security for Exchange Server 2010 Mail memory corruption
9343| [12263] Microsoft Windows up to Server 2012 Direct2D 2D Geometric Figure memory corruption
9344| [12238] Microsoft Windows 8/RT/Server 2012 IPv6 denial of service
9345| [12185] Microsoft .NET Framework 2/4 HMAC weak authentication
9346| [12183] Microsoft .NET Framework 2/4 DTD denial of service
9347| [11673] Microsoft Windows Live Movie Maker 2011 WAV File denial of service
9348| [11468] Microsoft Exchange 2010/2013 cross site scripting
9349| [11466] Microsoft Office 2013 File Response information disclosure
9350| [11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
9351| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
9352| [11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
9353| [10250] Microsoft SharePoint Server up to 2013 W3WP Process denial of service
9354| [10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow memory corruption
9355| [10248] Microsoft SharePoint Server up to 2013 cross site scripting
9356| [9943] Microsoft Windows Server 2012 NAT Driver ICMP Packet denial of service
9357| [8739] Microsoft Windows Essentials up to 2012 Windows Writer Eingabe information disclosure
9358| [8725] Microsoft Lync 2010/2013 Use-After-Free memory corruption
9359| [8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys denial of service
9360| [8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
9361| [8203] Microsoft Windows up to 2012 AD LDAP Query denial of service
9362| [8200] Microsoft SharePoint Server 2013 ACL information disclosure
9363| [7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser File information disclosure
9364| [7969] Microsoft OneNote 2010 SP1 ONE File information disclosure
9365| [7968] Microsoft SharePoint Server 2010 SP1 Input Validator Eingabe Crash denial of service
9366| [7967] Microsoft SharePoint Server 2010 SP1 User Account Eingabe Crash information disclosure
9367| [7966] Microsoft SharePoint Server 2010 SP1 Eingabe Crash cross site scripting
9368| [7965] Microsoft SharePoint Server 2010 SP1 User Account Callback URL privilege escalation
9369| [7964] Microsoft Visio 2010 Tree Object Type File memory corruption
9370| [7343] Microsoft Lync 2012 HTTP Format String
9371| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
9372| [7230] Microsoft Excel 2010 SP1 on 32-bit XLS File Formatting Information Crash denial of service
9373| [6831] Microsoft Office Picture Manager 2010 File memory corruption
9374| [62720] EMC NetWorker Module for Microsoft Applications up to 2.2.0 memory corruption
9375| [6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
9376| [62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
9377| [5946] Microsoft Visio/Visio Viewer up to 2010 SP1 File memory corruption
9378| [5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
9379| [5641] Microsoft SharePoint 2010 cross site scripting
9380| [60943] Microsoft Dynamics AX 2012 Enterprise Portal cross site scripting
9381| [12311] Microsoft Lync 2010 Search race condition
9382| [60570] Microsoft Forefront Unified Access Gateway 2010 information disclosure
9383| [60569] Microsoft Forefront Unified Access Gateway 2010 spoofing
9384| [60208] Microsoft Visio Viewer 2010 memory corruption
9385| [60207] Microsoft Visio Viewer 2010 memory corruption
9386| [60206] Microsoft Visio Viewer 2010 memory corruption
9387| [4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
9388| [4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
9389| [4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
9390| [59008] Microsoft Forefront Unified Access Gateway 2010 Crash denial of service
9391| [58995] Microsoft Forefront Unified Access Gateway 2010 memory corruption
9392| [58994] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
9393| [58993] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
9394| [4424] Microsoft Host Integration Server up to 2010 denial of service
9395| [4420] Microsoft Forefront Unified Access Gateway 2010 memory corruption
9396| [58487] Microsoft SharePoint Foundation 2010 cross site scripting
9397| [58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
9398| [58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
9399| [4414] Microsoft SharePoint 2010 cross site scripting
9400| [4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS unknown vulnerability
9401| [91971] Microsoft Skype 2.2.x/5.2.x/5.3.x denial of service
9402| [57693] Microsoft Forefront Threat Management Gateway 2010 NSPLookupServiceNext memory corruption
9403| [56028] Microsoft Data Access Components 2.8 memory corruption
9404| [55777] Microsoft Windows Movie Maker 2.6 memory corruption
9405| [55424] Microsoft Forefront Unified Access Gateway 2010 Signurl.asp cross site scripting
9406| [55415] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
9407| [55414] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
9408| [55413] Microsoft Forefront Unified Access Gateway 2010 spoofing
9409| [54341] Microsoft Windows Movie Maker 2.1 memory corruption
9410| [54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
9411| [4009] Microsoft NET Framework 2.x/3.x denial of service
9412| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
9413| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
9414| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
9415| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
9416| [2927] Microsoft Data Access Components 2.x ADODB.Connection ActiveX Control memory corruption
9417| [32692] Microsoft XML Core Services up to 2.6 memory corruption
9418| [32691] Microsoft XML Core Services up to 2.6 memory corruption
9419|
9420| MITRE CVE - https://cve.mitre.org:
9421| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
9422| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
9423| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
9424| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
9425| [CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
9426| [CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
9427| [CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
9428| [CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
9429| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
9430| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
9431| [CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
9432| [CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
9433| [CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
9434| [CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
9435| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
9436| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
9437| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
9438| [CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
9439| [CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
9440| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
9441| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
9442| [CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
9443| [CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
9444| [CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
9445| [CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
9446| [CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
9447| [CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
9448| [CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
9449| [CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
9450| [CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
9451| [CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
9452| [CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
9453| [CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
9454| [CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
9455| [CVE-2013-1301] Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
9456| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
9457| [CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
9458| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
9459| [CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
9460| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
9461| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
9462| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
9463| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
9464| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
9465| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
9466| [CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
9467| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
9468| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
9469| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
9470| [CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9471| [CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9472| [CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9473| [CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9474| [CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9475| [CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9476| [CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9477| [CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9478| [CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9479| [CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9480| [CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9481| [CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9482| [CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9483| [CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9484| [CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9485| [CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9486| [CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9487| [CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9488| [CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9489| [CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9490| [CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9491| [CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9492| [CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9493| [CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9494| [CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9495| [CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9496| [CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9497| [CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9498| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9499| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
9500| [CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
9501| [CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
9502| [CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
9503| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
9504| [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
9505| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
9506| [CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
9507| [CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
9508| [CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
9509| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
9510| [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
9511| [CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
9512| [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
9513| [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
9514| [CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
9515| [CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
9516| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
9517| [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
9518| [CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
9519| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
9520| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
9521| [CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
9522| [CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
9523| [CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
9524| [CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1
9525| [CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
9526| [CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
9527| [CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
9528| [CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
9529| [CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
9530| [CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
9531| [CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
9532| [CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
9533| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
9534| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
9535| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
9536| [CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
9537| [CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
9538| [CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
9539| [CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
9540| [CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
9541| [CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
9542| [CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
9543| [CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
9544| [CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
9545| [CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
9546| [CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
9547| [CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
9548| [CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
9549| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
9550| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
9551| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
9552| [CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
9553| [CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
9554| [CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
9555| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
9556| [CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
9557| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
| [CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
| [CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
| [CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
| [CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
| [CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
| [CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
| [CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
| [CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
| [CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
| [CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
| [CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
| [CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
| [CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
| [CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
| [CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
| [CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
| [CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
| [CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
| [CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
| [CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
| [CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
| [CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
| [CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
| [CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
| [CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
| [CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
| [CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
| [CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
| [CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
| [CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
| [CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
| [CVE-2011-3413] Microsoft PowerPoint 2007 SP2
| [CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
| [CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
| [CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
| [CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
| [CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
| [CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
| [CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
| [CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
| [CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
| [CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
| [CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
| [CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
| [CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
| [CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
| [CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
| [CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
| [CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
| [CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
| [CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
| [CVE-2011-1990] Microsoft Excel 2007 SP2
| [CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
9642| [CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
9643| [CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
9644| [CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
9645| [CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
9646| [CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
9647| [CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
9648| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
9649| [CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
9650| [CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
9651| [CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
9652| [CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
9653| [CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
9654| [CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
9655| [CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
9656| [CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
9657| [CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
9658| [CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
9659| [CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
9660| [CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
9661| [CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
9662| [CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
9663| [CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
9664| [CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
9665| [CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
9666| [CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
9667| [CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
9668| [CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
9669| [CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
9670| [CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
9671| [CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
9672| [CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
9673| [CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
9674| [CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
9675| [CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
9676| [CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
9677| [CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
9678| [CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
9679| [CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
9680| [CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
9681| [CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
9682| [CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
9683| [CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
9684| [CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
9685| [CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
9686| [CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
9687| [CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
9688| [CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
9689| [CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
9690| [CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
9691| [CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
9692| [CVE-2011-1275] Microsoft Excel 2002 SP3
9693| [CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
9694| [CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
9695| [CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
9696| [CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
9697| [CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
9698| [CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
9699| [CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
9700| [CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
9701| [CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
9702| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
9703| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
9704| [CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
9705| [CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
9706| [CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
9707| [CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
9708| [CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
9709| [CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
9710| [CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
9711| [CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
9712| [CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
9713| [CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
9714| [CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
| [CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
| [CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
| [CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
| [CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
| [CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
| [CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
| [CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
| [CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
| [CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
| [CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
| [CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
| [CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
| [CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
| [CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, doubly-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
| [CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
| [CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
| [CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
| [CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
| [CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
| [CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
| [CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
| [CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
| [CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
| [CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
| [CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
| [CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
| [CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
| [CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
| [CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
| [CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
| [CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
| [CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
| [CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
| [CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
| [CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
| [CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
| [CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
| [CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
| [CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
| [CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
| [CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
| [CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
| [CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
| [CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
| [CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
| [CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
| [CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
| [CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
| [CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
| [CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
| [CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
| [CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
| [CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
| [CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
| [CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
| [CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
| [CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
| [CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
| [CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
| [CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
| [CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
| [CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
| [CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
| [CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
| [CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
| [CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
9812| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
9813| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
9814| [CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
9815| [CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
9816| [CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
9817| [CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
9818| [CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
9819| [CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
9820| [CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
9821| [CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
9822| [CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
9823| [CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
9824| [CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
9825| [CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
9826| [CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
9827| [CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
9828| [CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
9829| [CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
9830| [CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
9831| [CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
9832| [CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
9833| [CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
9834| [CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
9835| [CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
9836| [CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
9837| [CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
9838| [CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
9839| [CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
9840| [CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
9841| [CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
9842| [CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
9843| [CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
9844| [CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
9845| [CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
9846| [CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
9847| [CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
9848| [CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
9849| [CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
9850| [CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
9851| [CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
9852| [CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
9853| [CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
9854| [CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
9855| [CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
9856| [CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
9857| [CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
9858| [CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
9859| [CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
9860| [CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
9861| [CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
9862| [CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
9863| [CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
9864| [CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
9865| [CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
9866| [CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
9867| [CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
9868| [CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
9869| [CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
9870| [CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
9871| [CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
9872| [CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
9873| [CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
9874| [CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
9875| [CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
9876| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
9877| [CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
9878| [CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
9879| [CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
9880| [CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
9881| [CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
9882| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
9883| [CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
9884| [CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
9885| [CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
9886| [CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
9887| [CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
9888| [CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
9889| [CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
9890| [CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
9891| [CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
9892| [CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
9893| [CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
9894| [CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
9895| [CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
9896| [CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
9897| [CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
9898| [CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
9899| [CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
9900| [CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
9901| [CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
9902| [CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
9903| [CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
9904| [CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
9905| [CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
9906| [CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
9907| [CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
9908| [CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
9909| [CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
9910| [CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
9911| [CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
9912| [CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
9913| [CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
9914| [CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
9915| [CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
9916| [CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
9917| [CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
9918| [CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
9919| [CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
9920| [CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
9921| [CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
9922| [CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
9923| [CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
9924| [CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
9925| [CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
9926| [CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
9927| [CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
9928| [CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
9929| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
9930| [CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
9931| [CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
9932| [CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
9933| [CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
9934| [CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
9935| [CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
9936| [CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
9937| [CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
9938| [CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
9939| [CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
9940| [CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
9941| [CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
9942| [CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
9943| [CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
9944| [CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
9945| [CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
9946| [CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
9947| [CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
9948| [CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
9949| [CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
9950| [CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
9951| [CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
9952| [CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
9953| [CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
9954| [CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
9955| [CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
9956| [CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
9957| [CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
9958| [CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
9959| [CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
9960| [CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
9961| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
9962| [CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
9963| [CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
9964| [CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
9965| [CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
9966| [CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
9967| [CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
9968| [CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
9969| [CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
9970| [CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
9971| [CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
9972| [CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
9973| [CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
9974| [CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
9975| [CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
9976| [CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
9977| [CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
9978| [CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
9979| [CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
9980| [CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
9981| [CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
9982| [CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
9983| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
9984| [CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
9985| [CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
9986| [CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
9987| [CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
9988| [CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
9989| [CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
| [CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
| [CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
| [CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
| [CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
| [CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
| [CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
| [CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
| [CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
| [CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
| [CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
| [CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
| [CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
| [CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
| [CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
| [CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
| [CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
| [CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
| [CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
| [CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
| [CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
| [CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
| [CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
| [CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
| [CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
| [CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
| [CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
| [CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
| [CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
| [CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
| [CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
| [CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
| [CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
| [CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
| [CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
| [CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
| [CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
| [CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
| [CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
| [CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3
| [CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
| [CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
| [CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
| [CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
| [CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
| [CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1
| [CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
| [CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
| [CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
| [CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
| [CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
| [CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
| [CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
| [CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
| [CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
| [CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
| [CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
| [CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
| [CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
| [CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
| [CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
| [CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
| [CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
| [CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
| [CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
| [CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
| [CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
| [CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
| [CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
| [CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
| [CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2
| [CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
| [CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
| [CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
| [CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
| [CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
| [CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
| [CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
| [CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
| [CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
10083| [CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
10084| [CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
10085| [CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
10086| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
10087| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
10088| [CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1
10089| [CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
10090| [CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
10091| [CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2
10092| [CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
10093| [CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
10094| [CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
10095| [CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
10096| [CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
10097| [CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
10098| [CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
10099| [CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
10100| [CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
10101| [CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
10102| [CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
10103| [CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
10104| [CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
10105| [CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
10106| [CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
10107| [CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
10108| [CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
10109| [CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
10110| [CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
10111| [CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
10112| [CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
10113| [CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
10114| [CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
10115| [CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
10116| [CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
10117| [CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
10118| [CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
10119| [CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
10120| [CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
10121| [CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
10122| [CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
10123| [CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
10124| [CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
10125| [CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
10126| [CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
10127| [CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
10128| [CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
10129| [CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
10130| [CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
10131| [CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
10132| [CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
10133| [CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
10134| [CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
10135| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
10136| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
10137| [CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
10138| [CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
10139| [CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
10140| [CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
10141| [CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
10142| [CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
10143| [CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
10144| [CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
10145| [CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
10146| [CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
10147| [CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
10148| [CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
10149| [CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
10150| [CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
10151| [CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
10152| [CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
10153| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
10154| [CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
10155| [CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
10156| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
10157| [CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
10158| [CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
10159| [CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
10160| [CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
10161| [CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
10162| [CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
10163| [CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
10164| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
10165| [CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
10166| [CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
10167| [CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3
10168| [CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
10169| [CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
10170| [CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
10171| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
10172| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
10173| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
10174| [CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
10175| [CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
10176| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
10177| [CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
10178| [CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
10179| [CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
10180| [CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
10181| [CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
10182| [CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
10183| [CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
10184| [CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
10185| [CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
10186| [CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
10187| [CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."
10188| [CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
10189| [CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
10190| [CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
10191| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
10192| [CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
10193| [CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
10194| [CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
10195| [CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
10196| [CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
10197| [CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
10198| [CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
10199| [CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
10200| [CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
10201| [CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
10202| [CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
10203| [CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
10204| [CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
10205| [CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
10206| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
10207| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
10208| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
10209| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
10210| [CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
10211| [CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
10212| [CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
10213| [CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
10214| [CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
10215| [CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
10216| [CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
10217| [CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
10218| [CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
10219| [CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
10220| [CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
10221| [CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
10222| [CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
10223| [CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
10224| [CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
10225| [CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
10226| [CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
10227| [CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
10228| [CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
10229| [CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
10230| [CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
10231| [CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
10232| [CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
10233| [CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
10234| [CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
10235| [CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
10236| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
10237| [CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
10238| [CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
10239| [CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
10240| [CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
10241| [CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
10242| [CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
10243| [CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
10244| [CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
10245| [CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
10246| [CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
10247| [CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
10248| [CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
10249| [CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
10250| [CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
10251| [CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
10252| [CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
10253| [CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
10254| [CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
10255| [CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
10256| [CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
10257| [CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
10258| [CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
10259| [CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
10260| [CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
10261| [CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
10262| [CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and SP3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
10263| [CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
10264| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
10265| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
10266| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
10267| [CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
10268| [CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
10269| [CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
10270| [CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
10271| [CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
10272| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
10273| [CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
10274| [CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
10275| [CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
10276| [CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
10277| [CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
10278| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
10279| [CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
| [CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
| [CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
| [CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
| [CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
| [CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
| [CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
| [CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
| [CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
| [CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
| [CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
| [CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
| [CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
| [CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
| [CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
| [CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
| [CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
| [CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
| [CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
| [CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
| [CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
| [CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
| [CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
| [CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
| [CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
| [CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
| [CVE-2007-2966] Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
| [CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
| [CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
| [CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
| [CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
| [CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
| [CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
| [CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
| [CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
| [CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
| [CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
| [CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
| [CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
| [CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
| [CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
| [CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
| [CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
| [CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
| [CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
| [CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
| [CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
| [CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
| [CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
| [CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
| [CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
| [CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
| [CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
| [CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
| [CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
| [CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
| [CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
| [CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
| [CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
| [CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
| [CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
| [CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
| [CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
| [CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
| [CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
| [CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
| [CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
| [CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
| [CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
| [CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
| [CVE-2007-0913] Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
| [CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
| [CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
| [CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
| [CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
10360| [CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
| [CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
| [CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
| [CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
| [CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
| [CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
| [CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
| [CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
| [CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
| [CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
| [CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
| [CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
| [CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
| [CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
| [CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
| [CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
| [CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
| [CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
| [CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
| [CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
| [CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
| [CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
| [CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
| [CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
| [CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
| [CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
| [CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
| [CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
| [CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
| [CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
| [CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
| [CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
| [CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
| [CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
| [CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
| [CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
| [CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
| [CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
| [CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
| [CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
| [CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
| [CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
| [CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
| [CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
| [CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
| [CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
| [CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
| [CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
| [CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
| [CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
| [CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
| [CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
| [CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
| [CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
| [CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
| [CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
| [CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
| [CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
| [CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
| [CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
| [CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
| [CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
| [CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
| [CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
| [CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
| [CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
| [CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
| [CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
| [CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
| [CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
| [CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
| [CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
| [CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
| [CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
| [CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
| [CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
| [CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
| [CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
| [CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
| [CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
| [CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
| [CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
| [CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
| [CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
| [CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
| [CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
| [CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
| [CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
| [CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
| [CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
| [CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
| [CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
| [CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
| [CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
| [CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
| [CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
| [CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
| [CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
| [CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
| [CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
| [CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
| [CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
| [CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
| [CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
| [CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
10470| [CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
10471| [CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
10472| [CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
10473| [CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
10474| [CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
10475| [CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
10476| [CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
| [CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
| [CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
| [CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
| [CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
| [CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
| [CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
| [CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
| [CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
| [CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
| [CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
| [CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
| [CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
| [CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
| [CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
| [CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
| [CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
| [CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
| [CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
| [CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
| [CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
| [CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
| [CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
| [CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
| [CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
| [CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
| [CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
| [CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
| [CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
| [CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
| [CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
| [CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
| [CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
| [CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
| [CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
| [CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
| [CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
| [CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
| [CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
| [CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
| [CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
| [CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
| [CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
| [CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
| [CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
| [CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
| [CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
| [CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
| [CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
| [CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
| [CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
| [CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
| [CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
| [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
| [CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
| [CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
| [CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
| [CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
| [CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
| [CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
| [CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
| [CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
| [CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
| [CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
| [CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
| [CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
| [CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
| [CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
| [CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
| [CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
| [CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
| [CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
| [CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
| [CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
| [CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
| [CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
| [CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
| [CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
| [CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
| [CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
| [CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
| [CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
| [CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
| [CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
| [CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
| [CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
| [CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
| [CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
| [CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
| [CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
| [CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
10571| [CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
10572| [CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
10573| [CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
10574| [CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
10575| [CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
10576| [CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
10577| [CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
10578| [CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
10579| [CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
10580| [CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
10581| [CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
10582| [CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
10583| [CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
10584| [CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
10585| [CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
10586| [CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
10587| [CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
10588| [CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
10589| [CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
10590| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
10591| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
10592| [CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
10593| [CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
10594| [CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
10595| [CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
10596| [CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
10597| [CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
10598| [CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
10599| [CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
10600| [CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
10601| [CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
10602| [CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
10603| [CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
10604| [CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
10605| [CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
10606| [CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
10607| [CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
10608| [CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
10609| [CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
10610| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
10611| [CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
10612| [CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
10613| [CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
10614| [CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
10615| [CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
10616| [CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
10617| [CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
10618| [CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
10619| [CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
10620| [CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
10621| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
10622| [CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
10623| [CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
10624| [CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
10625| [CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
10626| [CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
10627| [CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
10628| [CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
10629| [CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.
10630| [CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
10631| [CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
10632| [CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
10633| [CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
10634| [CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
10635| [CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
10636| [CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
10637| [CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
10638| [CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
10639| [CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
10640| [CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
10641| [CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
10642| [CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
10643| [CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
10644| [CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
10645| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
10646| [CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
10647| [CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
10648| [CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
10649| [CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
10650| [CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
10651| [CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
10652| [CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
10653| [CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
10654| [CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
10655| [CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
10656| [CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
10657| [CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
10658| [CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
10659| [CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
10660| [CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
10661| [CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
10662| [CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
10663| [CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
10664| [CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
10665| [CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
10666| [CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
10667| [CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
10668| [CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
10669| [CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
10670| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
10671| [CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
10672| [CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
10673| [CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.
10674| [CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
10675| [CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
10676| [CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
10677| [CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
10678| [CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
10679| [CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
10680| [CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
10681| [CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
10682| [CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
10683| [CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
10684| [CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
10685| [CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allows remote attackers to delete digital certificates on a user's system via HTML.
10686| [CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
10687| [CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
10688| [CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
10689| [CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
10690| [CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
10691| [CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
10692| [CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
10693| [CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
10694| [CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
10695| [CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
10696| [CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
10697| [CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
10698| [CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
10699| [CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
10700| [CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
10701| [CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
10702| [CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
10703| [CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
10704| [CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
10705| [CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
10706| [CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
10707| [CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
10708| [CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
10709| [CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
10710| [CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
10711| [CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
10712| [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
10713| [CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
10714| [CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
10715| [CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
10716| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
10717| [CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
10718| [CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
10719| [CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
10720| [CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
10721| [CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
10722| [CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain.
10723| [CVE-2001-1533] ** DISPUTED ** Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
10724| [CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
10725| [CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
10726| [CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
10727| [CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
10728| [CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
10729| [CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
10730| [CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
10731| [CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
10732| [CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
10733| [CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
10734| [CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
10735| [CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
10736| [CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
10737| [CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
10738| [CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
10739| [CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
10740| [CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
10741| [CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
10742| [CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
10743| [CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
10744| [CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
10745| [CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
10746| [CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
10747| [CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
10748| [CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
10749| [CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
10750| [CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
10751| [CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
10752| [CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
10753| [CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
10754| [CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
10755| [CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
10756| [CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
10757| [CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
10758| [CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
10759| [CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
10760| [CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
10761| [CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
10762| [CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
10763| [CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
10764| [CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
10765| [CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
10766| [CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
10767| [CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
10768| [CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
10769| [CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
10770| [CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
10771| [CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
10772| [CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
10773| [CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
10774| [CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
10775| [CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
10776| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
10777| [CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
10778| [CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
10779| [CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
10780| [CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
10781| [CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
| [CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
| [CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
| [CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
| [CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
| [CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
| [CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
| [CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
| [CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
| [CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
| [CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
| [CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
| [CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
| [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
| [CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
| [CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
| [CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
| [CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
| [CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
| [CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
| [CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
| [CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
| [CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
| [CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
| [CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
| [CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
| [CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
| [CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
| [CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
| [CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
| [CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
| [CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
| [CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
| [CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
| [CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
| [CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
| [CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
| [CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
| [CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
| [CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
| [CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
| [CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
| [CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
| [CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
| [CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
| [CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
| [CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
| [CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
| [CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
| [CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
| [CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
| [CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
| [CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
| [CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
| [CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
| [CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
| [CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
| [CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
| [CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
| [CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
| [CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
| [CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
| [CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
| [CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
| [CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
| [CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
| [CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
| [CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
| [CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
| [CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
| [CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
| [CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
| [CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
| [CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
| [CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
| [CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
| [CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
| [CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
| [CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
| [CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
| [CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
| [CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
10886| [CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
10887| [CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
10888| [CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
10889| [CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
10890| [CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
10891| [CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
10892| [CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
10893| [CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchange, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
10894| [CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
10895| [CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash or hyphen) characters.
10896| [CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
10897| [CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
10898| [CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
10899| [CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
10900| [CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
10901| [CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
10902| [CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
10903| [CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
10904| [CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
10905| [CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
10906| [CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
10907| [CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
10908| [CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
10909| [CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
10910| [CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
10911|
10912| SecurityFocus - https://www.securityfocus.com/bid/:
10913| [83154] Microsoft Windows 2000 Server CVE-2004-0540 Remote Security Vulnerability
10914| [45297] Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
10915| [43419] Microsoft Excel 2002 Memory Corruption Vulnerability
10916| [43189] Microsoft Visual C++ 2008 Redistributable Package DLL Loading Arbitrary Code Execution Vulnerability
10917| [42742] Microsoft PowerPoint 2007 Multiple DLL Loading Arbitrary Code Execution Vulnerability
10918| [42695] Microsoft Groove 2007 'mso.dll' DLL Loading Arbitrary Code Execution Vulnerability
10919| [42681] Microsoft Visio 2003 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
10920| [41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
10921| [39776] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
10922| [37196] RETIRED: Microsoft December 2009 Advance Notification Multiple Vulnerabilities
10923| [36940] RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
10924| [36633] RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
10925| [36239] RETIRED: Microsoft September 2009 Advance Notification Multiple Vulnerabilities
10926| [35974] RETIRED: Microsoft August 2009 Advance Notification Multiple Vulnerabilities
10927| [35617] RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
10928| [35213] RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
10929| [34867] RETIRED: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
10930| [34532] Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
10931| [34469] Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
10932| [34450] RETIRED: Microsoft April 2009 Advance Notification Multiple Vulnerabilities
10933| [34005] RETIRED: Microsoft March 2009 Advance Notification Multiple Vulnerabilities
10934| [33639] RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
10935| [33170] RETIRED: Microsoft January 2009 Advance Notification Multiple Vulnerabilities
10936| [32632] RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
10937| [32153] Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
10938| [31667] Retired: Microsoft October 2008 Advance Notification Multiple Vulnerabilities
10939| [31129] RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
10940| [31014] RETIRED: Microsoft September 2008 Advance Notification Multiple Vulnerabilities
10941| [30593] RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
10942| [30075] RETIRED: Microsoft July 2008 Advance Notification Multiple Vulnerabilities
10943| [29576] RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
10944| [29108] RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
10945| [28598] RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
10946| [28124] Retired: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
10947| [27674] RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
10948| [27119] RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
10949| [26739] RETIRED: Microsoft December 2007 Advance Notification Multiple Vulnerabilities
10950| [26414] Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
10951| [26380] Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
10952| [25991] RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
10953| [25922] RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
10954| [25573] RETIRED: Microsoft September 2007 Advance Notification Multiple Vulnerabilities
10955| [25247] Retired: Microsoft August 2007 Advance Notification Multiple Vulnerabilities
10956| [24771] Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
10957| [24366] RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
10958| [24118] Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
10959| [23800] RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
10960| [23380] Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
10961| [23335] RETIRED: Microsoft April 2007 Advance Notification Multiple Vulnerabilities
10962| [22716] Microsoft Office 2003 Denial of Service Vulnerability
10963| [22567] Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
10964| [22328] RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
10965| [22225] Microsoft Word 2000 Malformed Function Code Execution Vulnerability
10966| [21611] Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
10967| [21495] Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
10968| [20843] Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
10969| [19636] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
10970| [19388] Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
10971| [17134] Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
10972| [16634] Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
10973| [14772] Microsoft Exchange Server 2003 Exchange Information Store Denial Of Service Vulnerability
10974| [14093] Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
10975| [13564] Microsoft SQL Server 2000 Multiple Vulnerabilities
10976| [13008] Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability
10977| [12972] Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed
10978| [12913] Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
10979| [12824] Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
10980| [12641] Microsoft Windows 2000 Group Policy Bypass Vulnerability
10981| [12141] Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
10982| [11820] Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
10983| [11446] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
10984| [11387] Microsoft Windows 2003 Services Default SACL Access Right Weakness
10985| [10901] Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability
10986| [10693] Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
10987| [10484] Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability
10988| [10480] Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability
10989| [10440] Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness
10990| [10369] Microsoft Outlook 2003 Media File Script Execution Vulnerability
10991| [10307] Microsoft Outlook 2003 Predictable File Location Weakness
10992| [10114] Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
10993| [9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
10994| [9408] Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
10995| [9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
10996| [8833] Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
10997| [8522] Multiple Microsoft Windows 2003 Stack Protection Implementation Weaknesses
10998| [8397] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
10999| [8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
11000| [8098] Microsoft Windows 2000 Terminal Services Named Pipe System Account Access Vulnerability
11001| [8093] Microsoft Windows 2000 Active Directory Forest Origin Validation Vulnerability
11002| [8090] Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability
11003| [8089] Microsoft Windows 2000 Unspecified Cryptnet.DLL Memory Leakage Vulnerability
11004| [8086] Microsoft Windows 2000 Port Name Buffers Potential Buffer Overflow Vulnerability
11005| [8085] Microsoft Windows 2000 ModifyDN Request Denial of Service Vulnerability
11006| [8083] Microsoft Windows 2000 Domain Controller Spoofing Vulnerability
11007| [8081] Microsoft Windows 2000 USBH_IoctlGetNodeConnectionDriverKeyName Information Disclosure Vulnerability
11008| [8063] Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
11009| [8045] Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
11010| [7930] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
11011| [7788] Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability
11012| [7469] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
11013| [7360] Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
11014| [7102] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
11015| [6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
11016| [6766] Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
11017| [6667] Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability
11018| [6319] Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability
11019| [6030] Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
11020| [5972] Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
11021| [5922] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
11022| [5480] Microsoft Windows 2000 Network Connection Manager Privilege Elevation Vulnerability
11023| [5422] Microsoft Content Management Server 2001 SQL Injection Vulnerability
11024| [5421] Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
11025| [5420] Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
11026| [5415] Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
11027| [5413] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
11028| [5412] Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
11029| [5312] Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
11030| [5311] Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
11031| [5310] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
11032| [5309] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
11033| [5307] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
11034| [5253] Microsoft Windows 2000 Narrator Password Disclosure Vulnerability
11035| [5205] Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
11036| [5111] Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability
11037| [5014] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
11038| [4881] Microsoft Exchange 2000 Malformed Mail Attribute DoS Vulnerability
11039| [4853] Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability
11040| [4852] Microsoft Windows 2000 Remote Access Service Buffer Overflow Vulnerability
11041| [4847] Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
11042| [4797] Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
11043| [4683] Microsoft Windows 2000 / NT Path Precedence Vulnerability
11044| [4532] Microsoft Windows 2000 Lanman Denial of Service Vulnerability
11045| [4438] Microsoft Windows 2000 Group Policy Evasion Vulnerability
11046| [4426] Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability
11047| [4287] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
11048| [4256] Microsoft Windows 2000 Password Policy Bypass Vulnerability
11049| [4157] Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability
11050| [4095] Microsoft Windows 2000 Server Terminal Services Failure To Lock Terminal Vulnerability
11051| [3652] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
11052| [3481] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
11053| [3479] Microsoft Windows 2000 NTFS With Macintosh Client Directory Permission Vulnerability
11054| [3445] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
11055| [3339] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
11056| [3305] Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability
11057| [3291] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
11058| [3215] Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability
11059| [3185] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
11060| [3184] Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability
11061| [3146] Microsoft Windows 2000 System File Replacement Vulnerability
11062| [3115] Microsoft Windows NT and 2000 Command Prompt Reboot Vulnerability
11063| [3063] Microsoft Windows 2000 Unauthorized Password Change Vulnerability
11064| [3033] Microsoft Windows 2000 Task Manager Process Termination Vulnerability
11065| [2988] Microsoft Windows 2000 SMTP Improper Authentication Vulnerability
11066| [2929] Microsoft Windows 2000 LDAP SSL Password Modification Vulnerability
11067| [2849] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
11068| [2846] Microsoft Windows 2000 Telnet System Call DoS Vulnerability
11069| [2844] Microsoft Windows 2000 Telnet Service DoS Vulnerability
11070| [2843] Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability
11071| [2838] Microsoft Windows 2000 Telnet Username DoS Vulnerability
11072| [2460] Microsoft Windows 2000 Event Viewer Buffer Overflow Vulnerability
11073| [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
11074| [2394] Microsoft Windows 2000 Domain Controller DoS Vulnerability
11075| [2341] Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
11076| [2326] Microsoft Windows 2000 RDP DoS Vulnerability
11077| [2133] Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability
11078| [2066] Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability
11079| [2018] Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
11080| [2007] Microsoft Windows 2000 DNS Memory Leak Vulnerability
11081| [1973] Microsoft Windows 2000 Domain Account Lockout Bypass Vulnerability
11082| [1958] Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
11083| [1933] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
11084| [1899] Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability
11085| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
11086| [1758] Microsoft Windows 2000 Unattended Install OEMPreinstall Vulnerability
11087| [1753] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
11088| [1748] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
11089| [1745] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
11090| [1729] Microsoft Windows 2000 Simplified Chinese IME Vulnerability
11091| [1695] Microsoft Proxy 2.0 FTP Permissions Bypass Vulnerability
11092| [1692] Microsoft Proxy 2.0 Internal Network Access Vulnerability
11093| [1683] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
11094| [1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
11095| [1651] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
11096| [1632] Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
11097| [1620] Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability
11098| [1613] Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
11099| [1566] Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability
11100| [1561] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow Vulnerability
11101| [1535] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
11102| [1507] Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability
11103| [1451] Microsoft Excel 97 / 2000 Register.ID Vulnerability
11104| [1435] Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability
11105| [1415] Microsoft Windows 2000 Remote CPU-overload Vulnerability
11106| [1414] Microsoft Windows 2000 Telnet Server DoS Vulnerability
11107| [1399] Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
11108| [1398] Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
11109| [1350] Microsoft Windows 2000 Windows Station Access Vulnerability
11110| [1304] Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
11111| [1301] Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
11112| [1295] Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
11113| [1198] Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability
11114| [1197] Microsoft Office 2000 UA Control Vulnerability
11115| [990] Microsoft Windows 2000 Install Unprotected ADMIN$ Share Vulnerability
11116| [945] Microsoft SMS 2.0 Default Permissions Vulnerability
11117| [539] Microsoft Windows 2000 EFS Vulnerability
11118| [180] Microsoft Windows April Fools 2001 Vulnerability
11119| [71487] Microsoft December 2014 Advance Notification Multiple Vulnerabilities
11120| [70966] RETIRED: Microsoft November 2014 Advance Notification Multiple Vulnerabilities
11121| [70367] RETIRED: Microsoft October 2014 Advance Notification Multiple Vulnerabilities
11122| [69636] RETIRED: Microsoft September 2014 Advance Notification Multiple Vulnerabilities
11123| [69108] Microsoft August 2014 Advance Notification Multiple Vulnerabilities
11124| [68367] Microsoft July 2014 Advance Notification Multiple Vulnerabilities
11125| [67905] Microsoft June 2014 Advance Notification Multiple Vulnerabilities
11126| [67298] Microsoft May 2014 Advance Notification Multiple Vulnerabilities
11127| [66639] RETIRED: Microsoft April 2014 Advance Notification Multiple Vulnerabilities
11128| [66016] Microsoft March 2014 Notification Multiple Vulnerabilities
11129| [65426] Microsoft February 2014 Notification Multiple Vulnerabilities
11130| [64757] RETIRED: Microsoft January 2014 Advance Notification Multiple Vulnerabilities
11131| [64083] RETIRED: Microsoft December 2013 Advance Notification Multiple Vulnerabilities
11132| [63604] RETIRED: Microsoft November 2013 Advance Notification Multiple Vulnerabilities
11133| [62797] RETIRED: Microsoft October 2013 Advance Notification Multiple Vulnerabilities
11134| [62228] RETIRED: Microsoft September 2013 Advance Notification Multiple Vulnerabilities
11135| [62181] Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability
11136| [61686] Microsoft August 2013 Advance Notification Multiple Vulnerabilities
11137| [60960] RETIRED: Microsoft July 2013 Advance Notification Multiple Vulnerabilities
11138| [60394] Microsoft June 2013 Advance Notification Multiple Vulnerabilities
11139| [59785] RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities
| [58881] RETIRED: Microsoft April 2013 Advance Notification Multiple Vulnerabilities
| [58380] RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities
| [57846] RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities
| [57137] RETIRED: Microsoft January 2013 Advance Notification Multiple Vulnerabilities
| [56838] RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities
| [56450] RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
| [56304] Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
| [55794] RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities
| [55472] RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities
| [54944] RETIRED: Microsoft August 2012 Advance Notification Multiple Vulnerabilities
| [54318] RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities
| [53862] RETIRED: Microsoft June 2012 Advance Notification Multiple Vulnerabilities
| [53372] RETIRED: Microsoft May 2012 Advance Notification Multiple Vulnerabilities
| [52910] RETIRED: Microsoft April 2012 Advance Notification Multiple Vulnerabilities
| [52366] RETIRED: Microsoft March 2012 Advance Notification Multiple Vulnerabilities
| [51944] RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities
| [51289] RETIRED: Microsoft January 2012 Advance Notification Multiple Vulnerabilities
| [50980] RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities
| [50513] RETIRED: Microsoft November 2011 Advance Notification Multiple Vulnerabilities
| [49994] RETIRED: Microsoft October 2011 Advance Notification Multiple Vulnerabilities
| [49515] RETIRED: Microsoft September 2011 Advance Notification Multiple Vulnerabilities
| [49017] RETIRED: Microsoft August 2011 Advance Notification Multiple Vulnerabilities
| [48616] RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities
| [48235] Microsoft Lync Server 2010 'ReachJoin.aspx' Remote Command Injection Vulnerability
| [48193] RETIRED: Microsoft June 2011 Advance Notification Multiple Vulnerabilities
| [47725] RETIRED: Microsoft May 2011 Advance Notification Multiple Vulnerabilities
| [47255] RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities
| [46675] RETIRED: Microsoft March 2011 Advance Notification Multiple Vulnerabilities
| [46132] RETIRED: Microsoft February 2011 Advance Notification Multiple Vulnerabilities
| [45696] RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities
| [45307] RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities
| [44649] RETIRED: Microsoft November 2010 Advance Notification Multiple Vulnerabilities
| [43831] RETIRED: Microsoft October 2010 Advance Notification Multiple Vulnerabilities
| [43115] RETIRED: Microsoft September 2010 Advance Notification Multiple Vulnerabilities
| [42234] RETIRED: Microsoft August 2010 Advance Notification Multiple Vulnerabilities
| [41474] RETIRED: Microsoft July 2010 Advance Notification Multiple Vulnerabilities
| [40548] RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities
| [39961] RETIRED: Microsoft May 2010 Advance Notification Multiple Vulnerabilities
| [39313] RETIRED: Microsoft April 2010 Advance Notification Multiple Vulnerabilities
| [38540] RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
| [38096] RETIRED: Microsoft February 2010 Advance Notification Multiple Vulnerabilities
| [37887] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
| [37664] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
| [32642] Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
|
| IBM X-Force - https://exchange.xforce.ibmcloud.com:
| [82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
| [82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
| [82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
| [81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
| [81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
| [81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
| [77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
| [75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
| [75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
| [75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
| [75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
| [75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
| [71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
| [71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
| [70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
| [70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
| [67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
| [67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
| [66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
| [66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
| [66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
| [66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
| [66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
| [66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
| [66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
| [66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
| [65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
| [65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
| [63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution
| [63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution
| [63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution
| [63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
| [63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
| [62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
| [62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
| [62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
| [53980] Microsoft Windows 2000 License Logging Server buffer overflow
| [53601] Microsoft Office 2008 for Mac user ID 502 security bypass
| [50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
| [50759] Microsoft Windows 2000 Active Directory LDAP code execution
| [48595] Microsoft Word 2007 Email as PDF information disclosure
| [46102] Microsoft Windows 2003 SP2 is not installed on the system
| [46101] Microsoft Windows 2003 SP1 is not installed on the system
| [45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow
| [37200] Microsoft SQL Server 2000 Service Pack 1 update is not installed
| [37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed
| [34634] Microsoft Windows Server 2003 Active Directory information disclosure
| [34599] Microsoft Windows Server 2003 terminal server security bypass
| [34473] Microsoft Office 2000 ActiveX control buffer overflow
| [33713] Microsoft Word 2007 multiple unspecified denial of service
| [33712] Microsoft Word 2007 wwlib.dll buffer overflow
| [32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed
| [31821] Microsoft Windows time zone update for year 2007
| [31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow
| [30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure
| [29546] Microsoft Windows 2000/2003 user logoff initiated
| [29545] Microsoft Windows 2000/2003 system time changed
| [29544] Microsoft Windows 2000/2003 system security access removed
| [29543] Microsoft Windows 2000/2003 security access granted
| [29542] Microsoft Windows 2000/2003 SAM notification package loaded
| [29541] Microsoft Windows 2000/2003 primary security token issued
| [29540] Microsoft Windows 2000/2003 user password reset successful
| [29539] Microsoft Windows 2000/2003 object indirectly accessed
| [29538] Microsoft Windows 2000/2003 object handle duplicated
| [29537] Microsoft Windows 2000/2003 logon with explicit credentials success
| [29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
| [29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
| [29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
| [29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
| [29532] Microsoft Windows 2000/2003 IKE security association established
| [29531] Microsoft Windows 2000/2003 IKE quick mode association ended
| [29530] Microsoft Windows 2000/2003 IKE main mode association ended
| [29529] Microsoft Windows 2000/2003 IKE association negotiation failed
| [29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
| [29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
| [29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
| [29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
| [29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
| [29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
| [29522] Microsoft Windows 2000/2003 administrative group security descriptor set
| [29521] Microsoft Windows 2000/2003 account name changed
| [29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service
| [28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
| [28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
| [26118] Microsoft Office 2003 mailto: information disclosure
| [25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass
| [24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
| [24473] Microsoft Windows 2000 event ID 565 not logged
| [24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
| [24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
| [24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
| [24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
| [24402] Microsoft Windows 2000 Terminal Service client IP not logged
| [24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
| [23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
| [22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed
| [22183] Microsoft Exchange Server 2003 public folder denial of service
| [21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
| [21315] Microsoft Outlook 2002 connector for Domino bypass restrictions
| [19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
| [19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
| [19727] Microsoft Windows 2000 GDI32.DLL denial of service
| [19629] Microsoft Exchange Server 2003 folder denial of service
| [17826] Microsoft Outlook 2003 CID security bypass
| [17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
| [17621] Microsoft Windows 2003 SMTP service code execution
| [17560] Microsoft Windows 2000 and XP GDI library denial of service
| [17521] Microsoft Windows 2000 Service Pack 4 is not installed
| [16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
| [16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
| [16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
| [16907] Microsoft Windows 2003 users with Create global objects privilege
| [16905] Microsoft Windows 2003 users or groups with Create global objects privilege
| [16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
| [16704] Microsoft Windows 2000 Media Player control code execution
| [16582] Microsoft Windows Server 2003 kernel CPU denial of service
| [16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
| [16570] Microsoft Windows 2003 Users with Create global objects privilege
| [16564] Microsoft Windows 2003 Groups with Create global objects privilege
| [16562] Microsoft Windows 2003 Groups with "
| [16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
| [16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
| [16520] Microsoft Windows 2003 Create global objects privilege
| [16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
| [16173] Microsoft Outlook 2003 OLE object bypass restricted security zone
| [16119] Microsoft Outlook 2000 URL spoofing
| [16104] Microsoft Outlook 2003 predictable file location could allow code execution
| [16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
| [15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
| [15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
| [15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
| [15414] Microsoft Outlook 2002 mailto URL allows execution of code
| [15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
| [15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
| [15038] Microsoft Windows 2000 Server Windows Media Services denial of service
| [15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
| [14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed
| [14167] Microsoft ISA Server 2000 H.323 filter buffer overflow
| [13426] Microsoft Windows 2000 and XP RPC race condition
| [13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
| [13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
| [13385] Microsoft Windows Server 2003 "
| [13211] Microsoft Windows 2000 and XP URG memory leak
| [13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
| [13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
| [12684] Microsoft Exchange Server OWA Outlook 2003 denial of service
| [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
| [12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
| [12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
| [12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
| [12489] Microsoft Windows 2000 Server Active Directory buffer overflow
| [12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
| [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
| [12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
| [11901] Microsoft BizTalk Server 2002 SQL injection
| [11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow
| [11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
| [11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
| [11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
| [11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
| [11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
| [11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
| [11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
| [11216] Microsoft Windows NT and 2000 command prompt denial of service
| [11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
| [11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails
| [10843] Microsoft Windows 2000 and XP SMB signing group policy modification
| [10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
| [10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
| [10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
| [10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
| [10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow
| [10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service
| [9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
| [9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
| [9779] Microsoft Windows 2000 weak system partition permissions
| [9752] Microsoft Windows 2000 Service Pack 3 is not installed
| [9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
| [9625] Microsoft Windows 2000 Narrator allows login information to be audible
| [9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank "
| [8867] Microsoft Windows 2000 LanMan denial of service
| [8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
| [8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
| [8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
| [8739] Microsoft Windows 2000 DCOM memory leak
| [8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail
| [8402] Microsoft Windows 2000 allows an attacker to bypass password policy
| [8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
| [8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges
| [8254] Microsoft Commerce Server 2000 AuthFilter ISAPI filter buffer overflow
| [8199] Microsoft Windows 2000 Terminal Services unlocked client
| [8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow
| [8092] Microsoft Exchange 2000 System Attendant sets incorrect registry permissions
| [8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden
| [8037] Microsoft Windows 2000 empty TCP packet denial of service
| [8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain
| [7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files
| [7667] Microsoft Windows 2000 IKE UDP packet flood denial of service
| [7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file
| [7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses
| [7533] Microsoft Windows 2000 RunAs service denial of service
| [7532] Microsoft Windows 2000 RunAs service allows local attacker to bypass pipe authentication
| [7531] Microsoft Windows 2000 RunAs service reveals sensitive information
| [7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service
| [7409] Microsoft Windows 2000 and Windows XP GDI denial of service
| [7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service
| [7008] Microsoft Windows 2000 IrDA device denial of service
| [6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service
| [6931] Microsoft Windows 2000 without Service Pack 2
| [6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process
| [6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service
| [6876] Microsoft Windows 2000 could allow an attacker to change network passwords
| [6803] Microsoft Windows 2000 SMTP service allows mail relaying
| [6745] Microsoft Windows 2000 LDAP function could allow domain user password change
| [6669] Microsoft Windows 2000 Telnet system call denial of service
| [6668] Microsoft Windows 2000 Telnet handle leak denial of service
| [6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service
| [6666] Microsoft Windows 2000 Telnet username denial of service
| [6665] Microsoft Windows 2000 Telnet service weak domain authentication
| [6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges
| [6652] Microsoft Exchange 2000 OWA script execution
| [6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges
| [6506] Microsoft Windows 2000 Server Kerberos denial of service
| [6443] Microsoft Windows 2000 catalog file could remove installed hotfixes
| [6160] Microsoft Windows 2000 event viewer buffer overflow
| [6136] Microsoft Windows 2000 domain controller denial of service
| [6035] Microsoft Windows 2000 Server RDP denial of service
| [5973] Microsoft Windows 2000 EFS allows local user to recover sensitive data
| [5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password
| [5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information
| [5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow
| [5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service
| [5585] Microsoft Windows 2000 brute force attack
| [5502] Microsoft Windows 2000 Indexing Services ixsso.query
| [5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow
| [5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow
| [5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition
| [5263] Microsoft Office 2000 executes .dll without users knowledge
| [5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness
| [5222] Microsoft Windows 2000 malformed RPC packet denial of service
| [5203] Microsoft Windows 2000 still image service
| [5171] Microsoft Windows 2000 Local Security Policy corruption
| [5080] Microsoft Office 2000 HTML object tag buffer overflow
| [5033] Microsoft Windows 2000 without Service Pack 1
| [5031] Microsoft Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges
| [5015] Microsoft Windows NT and 2000 executable path
| [4887] Microsoft Windows 2000 Kerberos ticket renewed
| [4886] Microsoft Windows 2000 logon session reconnected
| [4885] Microsoft Windows 2000 logon session disconnected
| [4882] Microsoft Windows 2000 Kerberos pre-authentication failed
| [4873] Microsoft Windows 2000 user account mapped for logon
| [4872] Microsoft Windows 2000 account logon failed
| [4871] Microsoft Windows 2000 account used for logon
| [4855] Microsoft Windows 2000 group type change
| [4842] Microsoft Internet Explorer and Microsoft Powerpoint 2000 ActiveX object execution
| [4841] Microsoft Internet Explorer and Microsoft Access 2000 VBA code execution
| [4823] Microsoft Windows 2000 Telnet server binary stream denial of service
| [4819] Microsoft Windows 2000 default SYSKEY configuration
| [4787] Microsoft Windows 2000 user account locked out
| [4786] Microsoft Windows 2000 computer account created
| [4785] Microsoft Windows 2000 computer account changed
| [4784] Microsoft Windows 2000 computer account deleted
| [4714] Microsoft Windows 2000 "
| [4589] Microsoft Windows 2000 protected store can be compromised by brute force attack
| [4278] Microsoft Windows 2000 unattended install does not secure All Users profile
| [4138] Microsoft Windows 2000 system file integrity feature is disabled
| [4086] Microsoft Windows 2000 may not start Jaz drives correctly
| [4085] Microsoft Windows 2000 non-Gregorial calendar error
| [4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats
| [4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML
| [4082] Microsoft Windows 2000 and Iomega parallel port drives display error
| [4080] Microsoft Windows 2000 AOL image support
| [4079] Microsoft Windows 2000 High Encryption Pack
| [3854] Microsoft Office 2000 security setting
| [1376] Microsoft Proxy 2.0 denial of service
| [86256] Microsoft Windows Knowledge Base Article 2876063 update is not installed
| [86097] Microsoft Windows Knowledge Base Article 2859537 update is not installed
| [86091] Microsoft Windows Knowledge Base Article 2868623 update is not installed
| [86089] Microsoft Windows Knowledge Base Article 2862772 update is not installed
| [86075] Microsoft Windows Knowledge Base Article 2850869 update is not installed
| [86073] Microsoft Windows Knowledge Base Article 2873872 update is not installed
| [86070] Microsoft Windows Knowledge Base Article 2849568 update is not installed
| [85245] Microsoft Windows Knowledge Base Article 2848295 update is not installed
| [85244] Microsoft Windows Knowledge Base Article 2847927 update is not installed
| [85243] Microsoft Windows Knowledge Base Article 2861561 update is not installed
| [85236] Microsoft Windows Knowledge Base Article 2850851 update is not installed
| [85227] Microsoft Windows Knowledge Base Article 2847883 update is not installed
| [85223] Microsoft Windows Knowledge Base Article 2846071 update is not installed
| [85205] Microsoft Windows Knowledge Base Article 2845187 update is not installed
| [84621] Microsoft Windows Knowledge Base Article 2845690 update is not installed
| [84619] Microsoft Windows Knowledge Base Article 2839894 update is not installed
| [84617] Microsoft Windows Knowledge Base Article 2839571 update is not installed
| [84615] Microsoft Windows Knowledge Base Article 2839229 update is not installed
| [84613] Microsoft Windows Knowledge Base Article 2838727 update is not installed
| [84156] Microsoft Windows Knowledge Base Article 2847204 update is not installed
| [83912] Microsoft Windows Knowledge Base Article 2829254 update is not installed
| [83910] Microsoft Windows Knowledge Base Article 2829530 update is not installed
| [83898] Microsoft Windows Knowledge Base Article 2830397 update is not installed
| [83886] Microsoft Windows Knowledge Base Article 2830399 update is not installed
| [83884] Microsoft Windows Knowledge Base Article 2834692 update is not installed
| [83882] Microsoft Windows Knowledge Base Article 2834695 update is not installed
| [83880] Microsoft Windows Knowledge Base Article 2836440 update is not installed
| [83876] Microsoft Windows Knowledge Base Article 2840221 update is not installed
| [83192] Microsoft Windows Knowledge Base Article 2817183 update is not installed
| [83100] Microsoft Windows Knowledge Base Article 2830914 update is not installed
| [83098] Microsoft Windows Knowledge Base Article 2829996 update is not installed
| [83093] Microsoft Windows Knowledge Base Article 2828223 update is not installed
| [83091] Microsoft Windows Knowledge Base Article 2813170 update is not installed
| [83088] Microsoft Windows Knowledge Base Article 2827663 update is not installed
| [83086] Microsoft Windows Knowledge Base Article 2823482 update is not installed
| [83084] Microsoft Windows Knowledge Base Article 2821818 update is not installed
| [83082] Microsoft Windows Knowledge Base Article 2820917 update is not installed
| [82600] Microsoft Windows Knowledge Base Article 2813707 update is not installed
| [82424] Microsoft Windows Knowledge Base Article 2814124 update is not installed
| [82422] Microsoft Windows Knowledge Base Article 2780176 update is not installed
| [82401] Microsoft Windows Knowledge Base Article 2813682 update is not installed
| [82399] Microsoft Windows Knowledge Base Article 2816264 update is not installed
| [81683] Microsoft Windows Knowledge Base Article 2780091 update is not installed
| [81681] Microsoft Windows Knowledge Base Article 2784242 update is not installed
| [81680] Microsoft Windows Knowledge Base Article 2790113 update is not installed
| [81678] Microsoft Windows Knowledge Base Article 2790655 update is not installed
| [81676] Microsoft Windows Knowledge Base Article 2790978 update is not installed
| [81674] Microsoft Windows Knowledge Base Article 2797052 update is not installed
| [81672] Microsoft Windows Knowledge Base Article 2799494 update is not installed
| [81666] Microsoft Windows Knowledge Base Article 2778344 update is not installed
| [81634] Microsoft Windows Knowledge Base Article 2792100 update is not installed
| [81339] Microsoft Windows Knowledge Base Article 2799329 update is not installed
| [80875] Microsoft Windows Knowledge Base Article 2756145 update is not installed
| [80872] Microsoft Windows Knowledge Base Article 2769324 update is not installed
| [80867] Microsoft Windows Knowledge Base Article 2769327 update is not installed
| [80865] Microsoft Windows Knowledge Base Article 2769369 update is not installed
| [80863] Microsoft Windows Knowledge Base Article 2778930 update is not installed
| [80861] Microsoft Windows Knowledge Base Article 2785220 update is not installed
| [80365] Microsoft Windows Knowledge Base Article 2761465 update is not installed
| [80360] Microsoft Windows Knowledge Base Article 2765809 update is not installed
| [80358] Microsoft Windows Knowledge Base Article 2770660 update is not installed
| [80356] Microsoft Windows Knowledge Base Article 2780642 update is not installed
| [80352] Microsoft Windows Knowledge Base Article 2783534 update is not installed
| [80349] Microsoft Windows Knowledge Base Article 2784126 update is not installed
| [79693] Microsoft Windows Knowledge Base Article 2745030 update is not installed
| [79687] Microsoft Windows Knowledge Base Article 2761451 update is not installed
| [79683] Microsoft Windows Knowledge Base Article 2761226 update is not installed
| [79679] Microsoft Windows Knowledge Base Article 2758857 update is not installed
| [79677] Microsoft Windows Knowledge Base Article 2727528 update is not installed
| [78864] Microsoft Windows Knowledge Base Article 2754670 update is not installed
| [78862] Microsoft Windows Knowledge Base Article 2743555 update is not installed
| [78858] Microsoft Windows Knowledge Base Article 2754849 update is not installed
| [78856] Microsoft Windows Knowledge Base Article 2724197 update is not installed
| [78853] Microsoft Windows Knowledge Base Article 2741517 update is not installed
| [78851] Microsoft Windows Knowledge Base Article 2742319 update is not installed
| [78848] Microsoft Windows Knowledge Base Article 2742321 update is not installed
| [78760] Microsoft Windows Knowledge Base Article 2744842 update is not installed
| [78077] Microsoft Windows Knowledge Base Article 2741528 update is not installed
| [78075] Microsoft Windows Knowledge Base Article 2720184 update is not installed
| [78071] Microsoft Windows Knowledge Base Article 2748552 update is not installed
| [77512] Microsoft Windows Knowledge Base Article 2740358 update is not installed
| [77362] Microsoft Windows Knowledge Base Article 2733918 update is not installed
| [77360] Microsoft Windows Knowledge Base Article 2733829 update is not installed
| [77357] Microsoft Windows Knowledge Base Article 2733594 update is not installed
| [77352] Microsoft Windows Knowledge Base Article 2731879 update is not installed
| [77350] Microsoft Windows Knowledge Base Article 2731847 update is not installed
| [77348] Microsoft Windows Knowledge Base Article 2723135 update is not installed
| [77346] Microsoft Windows Knowledge Base Article 2722913 update is not installed
| [77342] Microsoft Windows Knowledge Base Article 2720573 update is not installed
| [77325] Microsoft Windows Knowledge Base Article 2719584 update is not installed
| [76808] Microsoft Windows Knowledge Base Article 2721015 update is not installed
| [76725] Microsoft Windows Knowledge Base Article 2722479 update is not installed
| [76724] Microsoft Windows Knowledge Base Article 2719177 update is not installed
| [76721] Microsoft Windows Knowledge Base Article 2718523 update is not installed
| [76718] Microsoft Windows Knowledge Base Article 2698365 update is not installed
| [76711] Microsoft Windows Knowledge Base Article 2695502 update is not installed
| [76704] Microsoft Windows Knowledge Base Article 2691442 update is not installed
| [76702] Microsoft Windows Knowledge Base Article 2655992 update is not installed
| [75963] Microsoft Windows Knowledge Base Article 2699988 update is not installed
| [75939] Microsoft Windows Knowledge Base Article 2685939 update is not installed
| [75928] Microsoft Windows Knowledge Base Article 2711167 update is not installed
| [75136] Microsoft Windows Knowledge Base Article 2693777 update is not installed
| [75132] Microsoft Windows Knowledge Base Article 2690533 update is not installed
| [75130] Microsoft Windows Knowledge Base Article 2688338 update is not installed
| [75127] Microsoft Windows Knowledge Base Article 2681578 update is not installed
| [75123] Microsoft Windows Knowledge Base Article 2680352 update is not installed
| [75116] Microsoft Windows Knowledge Base Article 2597981 update is not installed
11567| [75116] Microsoft Windows Knowledge Base Article 2597981 update is not installed
11568| [74556] Microsoft Windows Knowledge Base Article 2639185 update is not installed
11569| [74384] Microsoft Windows Knowledge Base Article 2675157 update is not installed
11570| [74378] Microsoft Windows Knowledge Base Article 2671605 update is not installed
11571| [74373] Microsoft Windows Knowledge Base Article 2664258 update is not installed
11572| [74369] Microsoft Windows Knowledge Base Article 2663860 update is not installed
11573| [73543] Microsoft Windows Knowledge Base Article 2671387 update is not installed
11574| [73540] Microsoft Windows Knowledge Base Article 2665364 update is not installed
11575| [73538] Microsoft Windows Knowledge Base Article 2651019 update is not installed
11576| [73536] Microsoft Windows Knowledge Base Article 2651018 update is not installed
11577| [73533] Microsoft Windows Knowledge Base Article 2647170 update is not installed
11578| [73530] Microsoft Windows Knowledge Base Article 2641653 update is not installed
11579| [72887] Microsoft Windows Knowledge Base Article 2663841 update is not installed
11580| [72873] Microsoft Windows Knowledge Base Article 2663830 update is not installed
11581| [72867] Microsoft Windows Knowledge Base Article 2663510 update is not installed
11582| [72857] Microsoft Windows Knowledge Base Article 2661637 update is not installed
11583| [72855] Microsoft Windows Knowledge Base Article 2660465 update is not installed
11584| [72853] Microsoft Windows Knowledge Base Article 2653956 update is not installed
11585| [72851] Microsoft Windows Knowledge Base Article 2654428 update is not installed
11586| [72849] Microsoft Windows Knowledge Base Article 2651026 update is not installed
11587| [72846] Microsoft Windows Knowledge Base Article 2647516 update is not installed
11588| [72841] Microsoft Windows Knowledge Base Article 2645640 update is not installed
11589| [72838] Microsoft Windows Knowledge Base Article 2643719 update is not installed
11590| [72029] Microsoft Windows Knowledge Base Article 2638420 update is not installed
11591| [72003] Microsoft Windows Knowledge Base Article 2646524 update is not installed
11592| [71998] Microsoft Windows Knowledge Base Article 2644615 update is not installed
11593| [71995] Microsoft Windows Knowledge Base Article 2643584 update is not installed
11594| [71994] Microsoft Windows Knowledge Base Article 2636391 update is not installed
11595| [71565] Microsoft Windows Knowledge Base Article 2648048 update is not installed
11596| [71562] Microsoft Windows Knowledge Base Article 2640241 update is not installed
11597| [71560] Microsoft Windows Knowledge Base Article 2640045 update is not installed
11598| [71558] Microsoft Windows Knowledge Base Article 2639417 update is not installed
11599| [71557] Microsoft Windows Knowledge Base Article 2639142 update is not installed
11600| [71554] Microsoft Windows Knowledge Base Article 2633171 update is not installed
11601| [71552] Microsoft Windows Knowledge Base Article 2624667 update is not installed
11602| [71550] Microsoft Windows Knowledge Base Article 2620712 update is not installed
11603| [71548] Microsoft Windows Knowledge Base Article 2618451 update is not installed
11604| [71546] Microsoft Windows Knowledge Base Article 2618444 update is not installed
11605| [71538] Microsoft Windows Knowledge Base Article 2590602 update is not installed
11606| [70951] Microsoft Windows Knowledge Base Article 2630837 update is not installed
11607| [70949] Microsoft Windows Knowledge Base Article 2620704 update is not installed
11608| [70947] Microsoft Windows Knowledge Base Article 2617657 update is not installed
11609| [70943] Microsoft Windows Knowledge Base Article 2588516 update is not installed
11610| [70152] Microsoft Windows Knowledge Base Article 2623699 update is not installed
11611| [70140] Microsoft Windows Knowledge Base Article 2652016 update is not installed
11612| [70130] Microsoft Windows Knowledge Base Article 2586448 update is not installed
11613| [70115] Microsoft Windows Knowledge Base Article 2567053 update is not installed
11614| [69501] Microsoft Windows Knowledge Base Article 2587634 update is not installed
11615| [69498] Microsoft Windows Knowledge Base Article 2587505 update is not installed
11616| [69492] Microsoft Windows Knowledge Base Article 2571621 update is not installed
11617| [69490] Microsoft Windows Knowledge Base Article 2570947 update is not installed
11618| [68840] Microsoft Windows Knowledge Base Article 2451858 update is not installed
11619| [68833] Microsoft Windows Knowledge Base Article 2567943 update is not installed
11620| [68831] Microsoft Windows Knowledge Base Article 2570222 update is not installed
11621| [68829] Microsoft Windows Knowledge Base Article 2567951 update is not installed
11622| [68827] Microsoft Windows Knowledge Base Article 2578230 update is not installed
11623| [68825] Microsoft Windows Knowledge Base Article 2546250 update is not installed
11624| [68823] Microsoft Windows Knowledge Base Article 2559049 update is not installed
11625| [68816] Microsoft Windows Knowledge Base Article 2556532 update is not installed
11626| [68814] Microsoft Windows Knowledge Base Article 2560656 update is not installed
11627| [68812] Microsoft Windows Knowledge Base Article 2560978 update is not installed
11628| [68809] Microsoft Windows Knowledge Base Article 2562485 update is not installed
11629| [68806] Microsoft Windows Knowledge Base Article 2566454 update is not installed
11630| [68804] Microsoft Windows Knowledge Base Article 2563894 update is not installed
11631| [68801] Microsoft Windows Knowledge Base Article 2567680 update is not installed
11632| [68315] Microsoft Windows Knowledge Base Article 2555917 update is not installed
11633| [68299] Microsoft Windows Knowledge Base Article 2566220 update is not installed
11634| [68283] Microsoft Windows Knowledge Base Article 2560847 update is not installed
11635| [67955] Microsoft Windows Knowledge Base Article 2530548 update is not installed
11636| [67943] Microsoft Windows Knowledge Base Article 2544521 update is not installed
11637| [67762] Microsoft Windows Knowledge Base Article 2543893 update is not installed
11638| [67759] Microsoft Windows Knowledge Base Article 2544893 update is not installed
11639| [67757] Microsoft Windows Knowledge Base Article 2476490 update is not installed
11640| [67753] Microsoft Windows Knowledge Base Article 2514842 update is not installed
11641| [67751] Microsoft Windows Knowledge Base Article 2518295 update is not installed
11642| [67737] Microsoft Windows Knowledge Base Article 2520426 update is not installed
11643| [67733] Microsoft Windows Knowledge Base Article 2525694 update is not installed
11644| [67731] Microsoft Windows Knowledge Base Article 2525835 update is not installed
11645| [67728] Microsoft Windows Knowledge Base Article 2535512 update is not installed
11646| [67725] Microsoft Windows Knowledge Base Article 2536275 update is not installed
11647| [67722] Microsoft Windows Knowledge Base Article 2536276 update is not installed
11648| [67718] Microsoft Windows Knowledge Base Article 2537146 update is not installed
11649| [67709] Microsoft Windows Knowledge Base Article 2538814 update is not installed
11650| [67302] Microsoft Windows Knowledge Base Article 2545814 update is not installed
11651| [67101] Microsoft Windows Knowledge Base Article 2524426 update is not installed
11652| [66446] Microsoft Windows Knowledge Base Article 2514666 update is not installed
11653| [66444] Microsoft Windows Knowledge Base Article 2511455 update is not installed
11654| [66436] Microsoft Windows Knowledge Base Article 2497640 update is not installed
11655| [66432] Microsoft Windows Knowledge Base Article 2527308 update is not installed
11656| [66428] Microsoft Windows Knowledge Base Article 2489979 update is not installed
11657| [66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation
11658| [66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation
11659| [66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation
11660| [66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation
11661| [66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation
11662| [66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation
11663| [66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation
11664| [66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation
11665| [66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation
11666| [66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation
11667| [66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege escalation
11668| [66394] Microsoft Windows Knowledge Base Article 2485663 update is not installed
11669| [65588] Microsoft Windows Knowledge Base Article 2489279 update is not installed
11670| [65581] Microsoft Windows Knowledge Base Article 2510030 update is not installed
11671| [65580] Microsoft Windows Knowledge Base Article 2489283 update is not installed
11672| [65575] Microsoft Windows Knowledge Base Article 2489293 update is not installed
11673| [65573] Microsoft Windows Knowledge Base Article 2494047 update is not installed
11674| [64973] Microsoft Windows Knowledge Base Article 2478960 update is not installed
11675| [64971] Microsoft Windows Knowledge Base Article 2479628 update is not installed
11676| [64927] Microsoft Windows Knowledge Base Article 2393802 update is not installed
11677| [64925] Microsoft Windows Knowledge Base Article 2451879 update is not installed
11678| [64920] Microsoft Windows Knowledge Base Article 2475792 update is not installed
11679| [64918] Microsoft Windows Knowledge Base Article 2476687 update is not installed
11680| [64916] Microsoft Windows Knowledge Base Article 2478953 update is not installed
11681| [64914] Microsoft Windows Knowledge Base Article 2482017 update is not installed
11682| [64910] Microsoft Windows Knowledge Base Article 2483185 update is not installed
11683| [64909] Microsoft Windows Knowledge Base Article 2484015 update is not installed
11684| [64907] Microsoft Windows Knowledge Base Article 2485376 update is not installed
11685| [64905] Microsoft Windows Knowledge Base Article 2489256 update is not installed
11686| [64902] Microsoft Windows Knowledge Base Article 2496930 update is not installed
11687| [64342] Microsoft Windows Knowledge Base Article 2451910 update is not installed
11688| [64339] Microsoft Windows Knowledge Base Article 2478935 update is not installed
11689| [63584] Microsoft Windows Knowledge Base Article 2424434 update is not installed
11690| [63582] Microsoft Windows Knowledge Base Article 2423089 update is not installed
11691| [63580] Microsoft Windows Knowledge Base Article 2436673 update is not installed
11692| [63571] Microsoft Windows Knowledge Base Article 2440591 update is not installed
11693| [63569] Microsoft Windows Knowledge Base Article 2385678 update is not installed
11694| [63566] Microsoft Windows Knowledge Base Article 2442962 update is not installed
11695| [63564] Microsoft Windows Knowledge Base Article 2345316 update is not installed
11696| [63562] Microsoft Windows Knowledge Base Article 2296199 update is not installed
11697| [63558] Microsoft Windows Knowledge Base Article 2416400 update is not installed
11698| [63550] Microsoft Windows Knowledge Base Article 2447961 update is not installed
11699| [63548] Microsoft Windows Knowledge Base Article 2443105 update is not installed
11700| [63546] Microsoft Windows Knowledge Base Article 2455005 update is not installed
11701| [63544] Microsoft Windows Knowledge Base Article 2292970 update is not installed
11702| [62805] Microsoft Windows Knowledge Base Article 2316074 update is not installed
11703| [62793] Microsoft Windows Knowledge Base Article 2293386 update is not installed
11704| [62789] Microsoft Windows Knowledge Base Article 2423930 update is not installed
11705| [62170] Microsoft Windows Knowledge Base Article 2296011 update is not installed
11706| [62166] Microsoft Windows Knowledge Base Article 2294255 update is not installed
11707| [62163] Microsoft Windows Knowledge Base Article 2281679 update is not installed
11708| [62154] Microsoft Windows Knowledge Base Article 2279986 update is not installed
11709| [62147] Microsoft Windows Knowledge Base Article 2160841 update is not installed
11710| [62134] Microsoft Windows Knowledge Base Article 2412048 update is not installed
11711| [62129] Microsoft Windows Knowledge Base Article 2387149 update is not installed
11712| [62126] Microsoft Windows Knowledge Base Article 2378111 update is not installed
11713| [62123] Microsoft Windows Knowledge Base Article 2360937 update is not installed
11714| [62118] Microsoft Windows Knowledge Base Article 2293211 update is not installed
11715| [62104] Microsoft Windows Knowledge Base Article 2360131 update is not installed
11716| [62098] Microsoft Windows Knowledge Base Article 2293194 update is not installed
11717| [62069] Microsoft Windows Knowledge Base Article 2418042 update is not installed
11718| [61519] Microsoft Windows Knowledge Base Article 2121546 update is not installed
11719| [61517] Microsoft Windows Knowledge Base Article 2259922 update is not installed
11720| [61514] Microsoft Windows Knowledge Base Article 2267960 update is not installed
11721| [61510] Microsoft Windows Knowledge Base Article 2315011 update is not installed
11722| [61507] Microsoft Windows Knowledge Base Article 2320113 update is not installed
11723| [61504] Microsoft Windows Knowledge Base Article 2347290 update is not installed
11724| [60736] Microsoft Windows Knowledge Base Article 2265906 update is not installed
11725| [60734] Microsoft Windows Knowledge Base Article 2269638 update is not installed
11726| [60728] Microsoft Windows Knowledge Base Article 2269707 update is not installed
11727| [60724] Microsoft Windows Knowledge Base Article 2286198 update is not installed
11728| [60713] Microsoft Windows Knowledge Base Article 2183461 update is not installed
11729| [60698] Microsoft Windows Knowledge Base Article 2160329 update is not installed
11730| [60686] Microsoft Windows Knowledge Base Article 2115168 update is not installed
11731| [60684] Microsoft Windows Knowledge Base Article 2079403 update is not installed
11732| [60680] Microsoft Windows Knowledge Base Article 2264072 update is not installed
11733| [59901] Microsoft Windows Knowledge Base Article 2229593 update is not installed
11734| [59898] Microsoft Windows Knowledge Base Article 2229593 update is not installed
11735| [58913] Microsoft Windows Knowledge Base Article 2027452 update is not installed
11736| [58891] Microsoft Windows Knowledge Base Article 2028554 update is not installed
11737| [17004] Microsoft Windows XP Service Pack 2 is not installed on the system
11738| [9187] Microsoft Passport SDK 2.1 Component Configuration Document (CCD) permission
11739| [9146] Microsoft Passport SDK 2.1 events reporting disabled
11740| [9068] Microsoft Passport SDK 2.1 registry default permission exposure
11741| [9067] Microsoft Passport SDK 2.1 default test site exposure
11742| [9066] Microsoft Passport SDK 2.1 Adventure Works Sample Site exposure
11743| [9065] Microsoft Passport SDK 2.1 Adventure Works Sample Site global.asa file default permission exposure
11744| [9064] Microsoft Passport SDK 2.1 default time window exposure
11745| [1271] Microsoft IIS version 2 installed
11746| [621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
11747|
| Exploit-DB - https://www.exploit-db.com:
| [30756] Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
| [30749] Microsoft Office 2003 Web Component Memory Access Violation Denial of Service Vulnerability
| [30636] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2)
| [30635] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1)
| [30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities
| [29664] Microsoft Office Publisher 2007 - Remote Denial of Service (DoS) Vulnerability
| [29660] Microsoft Office 2003 - Denial of Service (DoS) Vulnerability
| [29630] Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability
| [29524] Microsoft Word 2000 - Malformed Function Code Execution Vulnerability
| [28420] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
| [28357] Microsoft Windows Explorer 2000/2003/XP Drag and Drop Remote Code Execution Vulnerability
| [28227] Microsoft Windows 2000/XP Registry Access Local Denial of Service Vulnerability
| [28226] Microsoft PowerPoint 2003 PPT File Closure Memory Corruption
| [28225] Microsoft PowerPoint 2003 powerpnt.exe Unspecified Issue
| [28224] Microsoft PowerPoint 2003 mso.dll PPT Processing Unspecified Code Execution
| [28198] Microsoft Office 2000/2002 Property Code Execution Vulnerability
| [28189] Microsoft Excel 2000-2004 Style Handling and Repair Remote Code Execution Vulnerability
| [28087] Microsoft Office 2003 Embedded Shockwave Flash Object Security Bypass Weakness
| [28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
| [26690] Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability
| [26517] Microsoft Office PowerPoint 2007 - Crash PoC
| [26341] Microsoft Windows 2000/2003/XP MSDTC TIP Denial of Service Vulnerability
| [26222] Microsoft Windows 2000/2003/XP Keyboard Event Privilege Escalation Weakness
| [25384] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (2)
| [25383] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1)
| [25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
| [25085] Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability
| [25084] Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability
| [25050] Microsoft Windows 2000/2003/XP winhlp32 Phrase Heap Overflow Vulnerability
| [25049] Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability
| [24686] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
| [24277] Microsoft Windows 2000/NT 4 POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability
| [24114] Microsoft Outlook 2003Mail Client E-mail Address Verification Weakness
| [24101] Microsoft Outlook 2003 Predictable File Location Weakness
| [23989] Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability
| [23796] Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
| [23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
| [22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
| [22883] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)
| [22882] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)
| [22837] Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow
| [22782] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
| [22591] Microsoft Office Excel 2007 - WriteAV Crash PoC
| [22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection
| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
| [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
| [22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
| [22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
| [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
| [21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability
| [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
| [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
| [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
| [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
| [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
| [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
| [21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)
| [21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
| [21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
| [21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
| [21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2)
| [21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1)
| [21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2)
| [21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1)
| [21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
| [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
| [21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
| [21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
| [21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
| [20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability
| [20802] Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability
| [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
| [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
| [20481] Microsoft IIS 2.0/3.0 Appended Dot Script Source Disclosure Vulnerability
| [20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
| [20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability
| [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
| [20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
| [20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
| [20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
| [20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
| [20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
| [20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
| [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
| [20096] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability
| [20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability
| [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
| [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
| [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
| [19734] Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability
| [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
| [19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
| [19376] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability
| [19143] "Microsoft Windows ""April Fools 2001"" Vulnerability"
| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
| [18334] Microsoft Office 2003 Home/Pro 0day
| [18087] MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
| [18078] Microsoft Excel 2003 11.8335.8333 Use After Free
| [18067] Microsoft Excel 2007 SP2 Buffer Overwrite Exploit
| [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit"
| [14971] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow
| [14782] Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)
| [14746] Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)
| [14744] Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)
| [12450] Microsoft SharePoint Server 2007 XSS Vulnerability
| [10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution
| [4121] Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC
| [3973] Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit
| [3690] microsoft office word 2007 - Multiple Vulnerabilities
| [3260] Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
| [2523] Microsoft Office 2003 PPT Local Buffer Overflow PoC
| [2091] Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french)
| [2001] Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability
| [1999] Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC
| [1988] Microsoft Excel 2003 Hlink Local Buffer Overflow Exploit (italian)
| [1986] Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french)
| [1958] Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit
| [28238] Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067
| [23034] Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness
| [22850] Microsoft Office OneNote 2010 Crash PoC
| [22679] Microsoft Visio 2010 Crash PoC
| [22655] Microsoft Publisher 2013 Crash PoC
| [22621] Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability
| [22330] Microsoft Office Excel 2010 Crash PoC
| [22310] Microsoft Office Publisher 2010 Crash PoC
| [22237] Microsoft Office Picture Manager 2010 Crash PoC
| [22215] Microsoft Office Word 2010 Crash PoC
| [19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability
| [19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability
| [19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability
| [17164] Microsoft Reader <= 2.1.1.3143 NULL Byte Write
| [17163] Microsoft Reader <= 2.1.1.3143 Array Overflow
| [17162] Microsoft Reader <= 2.1.1.3143 Integer Overflow
| [17161] Microsoft Reader <= 2.1.1.3143 Heap Overflow
| [17160] Microsoft Reader <= 2.1.1.3143 Integer Overflow
| [14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
| [14723] Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
|
| SecurityTracker - https://www.securitytracker.com:
| [1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
| [1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users
| [1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
| [1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
| [1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
| [1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users
| [1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server
| [1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
| [1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
| [1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
| [1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
| [1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
| [1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
| [1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
| [1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
| [1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System
| [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
| [1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes
| [1006280] Protegrity Secure.Data for Microsoft SQL Server 2000 Contains Buffer Oveflows That Let Remote Users Execute Arbitrary Code
| [1005254] Microsoft NT, 2000, and XP Operating Systems May Execute a 16-bit Application Even When The File Has No Execute Permissions
| [1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited
| [1004587] Microsoft SQL Server 2000 Buffer Overflow in OpenDataSource() Function May Let Remote Users Gain SYSTEM Privileges on the Server
| [1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks
11928| [1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks
11929| [1004527] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains a Buffer Overflow That Lets Remote Users Take Full Control of the System
11930| [1004407] Microsoft Exchange 2000 Flaw in Processing a Certain Malformed SMTP Command Allows Remote Users to Deny Service to the Server
11931| [1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges
11932| [1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending Malformed Packets
11933| [1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded
11934| [1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges
11935| [1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users
11936| [1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress
11937| [1003688] Microsoft Exchange Server 2000 Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
11938| [1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
11939| [1003634] Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files
11940| [1003629] Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server
11941| [1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges
11942| [1003469] Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings
11943| [1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains
11944| [1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users
11945| [1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address
11946| [1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users
11947| [1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
11948| [1002729] Microsoft Windows 2000 RunAs Service Allows Local Users to Disable the Service
11949| [1002356] Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
11950| [1002206] Microsoft Internet Security and Acceleration (ISA) Server 2000 Can Be Disrupted By Remote Users Due to Memory Leaks and Also Allows Cross-Site Scripting Attacks
11951| [1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System
11952| [1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users
11953| [1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak
11954| [1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance
11955| [1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service
11956| [1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL
11957| [1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server
11958| [1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges
11959| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
11960| [1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files
11961| [1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users
11962| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
11963| [1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations
11964| [1001088] Microsoft Internet Explorer with Services for Unix 2.0 Can Create Malicious Files on the User's Host
11965|
11966| OSVDB - http://www.osvdb.org:
11967| [90257] Microsoft Windows Server 2003 ICACLS.EXE Permission Inheritance Weakness
11968| [86790] Microsoft Virtual PC 2007 Crafted x86 Instruction Sequence Handling Local DoS
11969| [86061] Microsoft Windows Server 2008 R1 CSRSS ReadConsole / CloseHandle Local DoS
11970| [79442] Microsoft Windows Server 2008 DNS Server Service Cache Update Policy Deleted Domain Name Resolving Weakness
11971| [72670] Microsoft Windows Server 2003 ActiveDirectory BROWSER ELECTION Remote Overflow
11972| [68554] Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permission Weakness
11973| [62251] Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS
11974| [60329] Microsoft Windows 2000 NetBIOS Continuation Packet Remote DoS
11975| [59733] Microsoft Windows 2000 Terminal Services Screensaver Screen Minimization Locking Weakness
11976| [59731] Microsoft Windows 2000 DCOM Client Alter Context Request Remote Information Disclosure
11977| [59730] Microsoft Windows 2000 Terminal Services Disconnect Feature Local Privilege Escalation
11978| [59514] Microsoft Windows 2000 Task Manager Uppercase Process Name Termination Weakness
11979| [59509] Microsoft Windows 2000 Encrypted File System Cleartext Backup File Local Disclosure
11980| [59346] Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS
11981| [55836] Microsoft ISA Server 2006 Radius OTP Security Bypass
11982| [53663] Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption
11983| [50589] Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow
11984| [37629] Microsoft Windows 2000 RPC Authentication Unspecified Information Disclosure
11985| [37628] Microsoft Windows 2000 RPC Authentication Crafted Request Remote DoS
11986| [36034] Microsoft Office 2000 Controllo ActiveX (OUACTRL.OCX) HelpPopup Method Overflow
11987| [34489] Microsoft Office 2003 Malformed WMF File Handling DoS
11988| [34488] Microsoft Excel 2003 XLS Handling Corrupt Format DoS
11989| [31251] Microsoft Office 2003 Brazilian Portuguese Grammar Checker Arbitrary Code Execution
11990| [29529] Microsoft Windows 2000 creator.dll ActiveX COM Object Memory Corruption
11991| [29528] Microsoft Windows 2000 msdxm.ocx ActiveX COM Object Memory Corruption
11992| [29527] Microsoft Windows 2000 myinfo.dll ActiveX COM Object Memory Corruption
11993| [29526] Microsoft Windows 2000 ciodm.dll ActiveX COM Object Memory Corruption
11994| [28539] Microsoft Word 2000 Unspecified Code Execution
11995| [24121] Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
11996| [24081] Microsoft Outlook 2003 Unspecified Malformed Word Attachment DoS
11997| [23484] Microsoft SQLServer 2000 sp_addalias Procedure Privileged Alias Creation
11998| [23234] Microsoft SQLServer 2000 Unspecified Invalid Client Buffer DoS
11999| [23231] Microsoft SQL Server 2000 SQL Profiler Multiple Method DoS
12000| [23205] Microsoft SQLServer 2000 Crafted Sort Command User Mode Scheduler (UMS) Bypass DoS
12001| [23203] Microsoft SQL Server 2000 Database Name Transact-SQL Statement Privilege Escalation
12002| [23202] Microsoft SQLServer 2000 sysmembers Virtual Table Query Overflow
12003| [23201] Microsoft SQL Server 2000 Dynamic Transact-SQL Statement Disclosure
12004| [23200] Microsoft SQLServer 2000 Encrypted Stored Procedure Dynamic Query Disclosure
12005| [21907] Microsoft Office InfoPath 2003 Mshtml.dll Form Handling DoS
12006| [21598] Microsoft Windows 2000 NetBIOS Port Malformed TCP Packet Parsing Remote DoS
12007| [20256] Microsoft Windows 2000 NTFS Volume Macintosh Client Directory Permission Modification
12008| [20222] Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure
12009| [20221] Microsoft Windows 2000 runas.exe Named Pipe Single Thread DoS
12010| [20220] Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure
12011| [20002] Microsoft Windows 2000 CHKDSK Fix Mode File ACL Failure
12012| [20001] Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure
12013| [20000] Microsoft Windows 2000 Domain Administrator Computer Lock Bypass
12014| [19999] Microsoft Windows 2000 FQDN Domain Login Password Expiry Bypass
12015| [19998] Microsoft Windows 2000 UPN Credentialed Login Group Policy Failure
12016| [19997] Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue
12017| [19996] Microsoft Windows 2000 Event ID 1704 Group Policy Failure
12018| [19995] Microsoft Windows 2000 SECEDIT Long Folder ACL Set Issue
12019| [19994] Microsoft Windows 2000 audit directory service access 565 Event Logging Failure
12020| [19993] Microsoft Windows 2000 LDAPS CA Trust Issue
12021| [19264] Microsoft Exchange Server 2003 Crafted IMAP4 Folder Listing Request DoS
12022| [17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS
12023| [15343] Microsoft Windows Server 2003 Malformed HTTP Cookie Header CGI DoS
12024| [15341] Microsoft Windows Server 2003 SMB Redirector Processing DoS
12025| [15340] Microsoft Windows Server 2003 Terminal Service Client Print DoS
12026| [15338] Microsoft Windows Server 2003 Terminal Session Close DoS
12027| [15337] Microsoft Windows Server 2003 CreateProcessWithLogonW() Function Process Disclosure
12028| [15336] Microsoft Windows Server 2003 Shutdown.exe Shut Down Failure
12029| [15335] Microsoft Windows Server 2003 MIT Kerberos Realm Authentication Group Policy Failure
12030| [15334] Microsoft Windows Server 2003 Shared Folder Permission Weakness
12031| [15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
12032| [15332] Microsoft Windows Server 2003 Citrix Metaframe Encryption Policy Failure
12033| [15331] Microsoft Windows Server 2003 Home Folder Path Permission Inheritance Failure
12034| [14617] Microsoft Exchange Server 2003 Folder Handling DoS
12035| [14430] Microsoft Commerce Server 2000 Profile Service Affected API Overflow
12036| [13996] Microsoft Windows 2000 IKE Malformed Packet Saturation Remote DoS
12037| [13762] Microsoft 2000 Domain Controller Directory Service Restore Mode Blank Password
12038| [13761] Microsoft Exchange 2000 Malformed URL Request DoS
12039| [13475] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant
12040| [13474] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution
12041| [13441] Microsoft Windows 2000 Security Interface Change Password Option Account Enumeration
12042| [13437] Microsoft Windows 2000 Debug Register Local Privilege Escalation
12043| [13424] Microsoft Windows 2000 Current Password Change Policy Bypass
12044| [13423] Microsoft Windows 2000 Terminal Server SYSVOL Share Connection Saturation Restriction Bypass
12045| [13415] Microsoft Windows 2000 System Root Folder Search Path Permission Weakness
12046| [13410] Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution
12047| [11958] Microsoft Outlook 2003 Image Rendering Security Policy Bypass
12048| [11945] Microsoft Outlook 2002 IFRAME Tag Embedded URL
12049| [11944] Microsoft Outlook 2002 HREF Tag Embedded JavaScript Execution
12050| [11750] Microsoft Windows 2000 Message Queue Manager Queue Registration Request Overflow DoS
12051| [11712] Microsoft ISA Server 2000 H.323 Filter Overflow
12052| [10633] Microsoft Windows 2000 Protected Store Weak Encryption Default
12053| [9386] Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow
12054| [8243] Microsoft SMS Port 2702 DoS
12055| [7202] Microsoft PowerPoint 2000 File Loader Overflow
12056| [7179] Microsoft Windows 2000 Event Viewer Snap-in Overflow
12057| [6971] Microsoft ISA Server 2000 ICMP Rule Bypass During Startup
12058| [6970] Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure
12059| [6969] Microsoft ISA Server 2000 Invalid DNS Request DoS
12060| [6968] Microsoft ISA Server 2000 FTP Port Scan Bounce Weakness
12061| [6967] Microsoft ISA Server 2000 UDP Packet Winsock DoS
12062| [6965] Microsoft ISA Server 2000 SSL Packet DoS
12063| [6964] Microsoft ISA Server 2000 DNS Intrusion Detection Filter DoS
12064| [6515] Microsoft Windows 2000 Domain Expired Account Authentication
12065| [5179] Microsoft Windows 2000 microsoft-ds DoS
12066| [5171] Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script
12067| [4779] Microsoft Desktop Engine (MSDE) 2000 Stored Procedure SQL Injection
12068| [4778] Microsoft SQL Server 2000 Stored Procedure SQL Injection
12069| [4777] Microsoft Desktop Engine (MSDE) 2000 Database Consistency Checkers (DBCCs) Overflow
12070| [4776] Microsoft SQL Server 2000 Database Consistency Checkers (DBCCs) 2000 Overflow
12071| [4170] Microsoft Windows 2000 Server Media Services TCP Packet Handling Remote DoS
12072| [4168] Microsoft Outlook 2002 mailto URI Script Injection
12073| [3490] Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure
12074| [2705] Microsoft Windows 2000 Windows Troubleshooter ActiveX Overflow
12075| [2655] Microsoft Windows Server 2003 Shell Folders Arbitrary File Access
12076| [2540] Microsoft Windows 2003 Server Buffer Overflow Protection Mechanism Bypass
12077| [2244] Microsoft Windows 2000 ShellExecute() API Let
12078| [2237] Microsoft Windows 2000 Active Directory Lsass.exe Overflow
12079| [1949] Symantec Norton Anti-Virus for Microsoft Exchange 2000 INBOX Path Information Disclosure
12080| [1764] Microsoft Windows 2000 Domain Controller DoS
12081| [1758] Microsoft Windows 2000 Network DDE Escalated Privileges
12082| [1755] Microsoft Windows 2000 RDP Malformed Packet Handling Remote DoS
12083| [1672] Microsoft Windows 2000 Telnet Session Timeout DoS
12084| [1633] Microsoft Windows 2000 System Monitor ActiveX LogFileName Parameter Validation Overflow
12085| [1621] Microsoft Indexing Services for Windows 2000 .htw XSS
12086| [1591] Microsoft Windows 2000 OEMPreinstall Installation Permission Weakness
12087| [1578] Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation
12088| [1500] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow
12089| [1437] Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS
12090| [1399] Microsoft Windows 2000 Windows Station Access
12091| [1328] Microsoft Office 2000 UA Control ActiveX (Ouactrl.ocx) Show Me Function Remote Code Execution
12092| [1297] Microsoft Windows 2000 Active Directory Object Attribute
12093| [1292] Microsoft Windows NT 4.0 / 2000 cmd.exe Buffer Overflow
12094| [773] Microsoft Windows 2000 Group Policy File Lock DoS
12095| [515] Microsoft Windows 2000 LDAP Server Arbitrary User Password Modification
12096| [454] Microsoft Windows 2000 NTLM Domain Account Lockout Policy Bypass
12097| [403] Microsoft Windows 2000 Still Image Service WM_USER Message Local Overflow
12098| [398] Microsoft Windows 2000 Malformed RPC Traffic Local Security Policy Corruption DoS
12099| [307] Microsoft FrontPage 2000 Server Extensions shtml.exe Path Disclosure
12100| [69085] Microsoft Office 2010 RTF File Handling pFragments Buffer Overflow Arbitrary Code Execution
12101|_
139/tcp closed netbios-ssn
443/tcp open ssl/http Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
12104| vulscan: VulDB - https://vuldb.com:
12105| [141625] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 DirectX memory corruption
12106| [141624] Microsoft Windows 7 SP1/Server 2008 R2 SP1 Graphics Component information disclosure
12107| [139966] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel information disclosure
12108| [139923] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Graphics Component information disclosure
12109| [139905] Microsoft Windows Server 2008 SP2 DHCP Server memory corruption
12110| [137573] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
12111| [137567] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
12112| [137566] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
12113| [137565] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
12114| [137564] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
12115| [136343] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
12116| [136342] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
12117| [136341] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
12118| [136316] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
12119| [136315] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
12120| [136313] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
12121| [136311] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
12122| [136309] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
12123| [136302] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
12124| [136298] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI information disclosure
12125| [136297] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
12126| [131683] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Win32k memory corruption
12127| [131642] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Active Directory privilege escalation
12128| [127822] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 Kernel information disclosure
12129| [125103] Microsoft Windows Server 2008 SP2 Graphics Component information disclosure
12130| [123853] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel Memory information disclosure
12131| [122858] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 LNK memory corruption
12132| [122833] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI+ memory corruption
12133| [121109] Microsoft Wireless Display Adapter V2 2.0.8350/2.0.8365/2.0.8372 privilege escalation
12134| [120449] Microsoft Forefront Unified Access Gateway 2000 InitParams.aspx Parameter Server-Side Request Forgery
12135| [119469] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Kernel privilege escalation
12136| [116015] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
12137| [114563] Microsoft Office 2007 SP3/2010 SP2/2013/2013 RT SP1 memory corruption
12138| [114528] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 GDI privilege escalation
12139| [114524] Microsoft ASP.NET Core 2.0 denial of service
12140| [114523] Microsoft ASP.NET Core 2.0 Kestrel Web Application privilege escalation
12141| [113257] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
12142| [113256] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
12143| [113255] Microsoft Windows 7 SP1/Server 2008 SP2/Server 2012 Kernel information disclosure
12144| [113247] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
12145| [113246] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
12146| [113245] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2012 EOT Font Engine information disclosure
12147| [113244] Microsoft Windows 7 SP1/Server 2008 R2 SP1 EOT Font Engine information disclosure
12148| [113235] Microsoft Outlook 2007 SP3/2010 SP2/2013 SP1/2016 privilege escalation
12149| [113234] Microsoft Office 2007 SP2/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
12150| [113216] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
12151| [112285] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
12152| [112284] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
12153| [112283] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
12154| [112282] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
12155| [111578] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
12156| [111577] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
12157| [111576] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
12158| [111575] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
12159| [111574] Microsoft Word 2003/2007/2010/2013/2016 Equation Editor memory corruption
12160| [111573] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
12161| [111572] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
12162| [111570] Microsoft Office 2007/2010/2013/2016 Equation Editor memory corruption
12163| [111568] Microsoft Excel 2007/2010/2013/2016 memory corruption
12164| [111566] Microsoft Word 2007/2010/2013/2016 memory corruption
12165| [111565] Microsoft Word 2007/2010/2013 Email Message memory corruption
12166| [111563] Microsoft Outlook 2007/2010/2013/2016 Email Message privilege escalation
12167| [111347] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Color Management Icm32.dll information disclosure
12168| [109388] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 memory corruption
12169| [109387] Microsoft ASP.NET Core 2.0 privilege escalation
12170| [109386] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
12171| [109385] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature Macro privilege escalation
12172| [109381] Microsoft Office/Word 2007 SP3/2010 SP2 memory corruption
12173| [107703] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
12174| [106530] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
12175| [106528] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
12176| [106515] Microsoft Publisher 2007 SP3/2010 SP2 memory corruption
12177| [106497] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Uniscribe memory corruption
12178| [106476] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
12179| [106475] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
12180| [105051] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 Font Library privilege escalation
12181| [105032] Microsoft Internet Explorer 9/10 on Server 2008/Server 2012 memory corruption
12182| [102513] Microsoft Windows Server 2003 SP2/XP SP3 OLE olecnv32.dll privilege escalation
12183| [102512] Microsoft Windows Server 2003 SP2/XP SP3 rpc privilege escalation
12184| [102511] Microsoft Windows Server 2003 SP2/XP SP3 RDP EsteemAudit privilege escalation
12185| [102447] Microsoft PowerPoint/SharePoint Server 2007 SP3 privilege escalation
12186| [102444] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
12187| [102442] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
12188| [102441] Microsoft Outlook 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
12189| [102401] Microsoft Windows 7 SP1/Server 2008 R2 SP1 GDI USP10!NextCharInLiga Uniscribe Font information disclosure
12190| [101491] Microsoft Windows up to XP SP3/Server 2003 SP2 Remote Desktop Protocol gpkcsp.dll memory corruption
12191| [101017] Microsoft Office 2007 SP3/2010 SP2/2016 memory corruption
12192| [101012] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1/2016 memory corruption
12193| [101011] Microsoft Windows 7 SP1/Server 2008 R2 SP1/Server 2008 SP2 ActiveX Object Memory memory corruption
12194| [100854] Microsoft Windows Server 2003 SP2 RRAS ERRATICGOPHER memory corruption
12195| [99904] Microsoft Windows Server 2003 SP2/XP SP3 SmartCard Authentication RDP Packet EsteemAudit privilege escalation
12196| [99698] Microsoft OneNote 2007 SP3/2010 SP2 DLL Loader privilege escalation
12197| [99684] Microsoft Excel 2007 SP3/2010 SP2 Memory information disclosure
12198| [99654] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
12199| [99653] Microsoft Outlook 2007 SP3/2010 SP2/2011/2013 SP1/2016 Email Message privilege escalation
12200| [99533] Microsoft Office 2007/2010/2013/2016 RTF Document Necurs Dridex memory corruption
12201| [98561] Microsoft IIS 6.0 on Windows Server 2003 WebDAV ScStoragePathFromUrl Long Header memory corruption
12202| [98092] Microsoft SharePoint Server 2007 SP3 memory corruption
12203| [98088] Microsoft SharePoint Server 2007 SP3 memory corruption
12204| [98087] Microsoft Office 2007 SP3/2010 SP2 memory corruption
12205| [98086] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
12206| [98085] Microsoft Excel 2007 SP3 memory corruption
12207| [98084] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
12208| [98083] Microsoft Word 2007 SP3/2010 SP2/2011 memory corruption
12209| [98078] Microsoft Word/Excel 2007 SP3 memory corruption
12210| [98072] Microsoft Office 2007 SP3/2010 SP2/Word Viewer Graphics Component privilege escalation
12211| [98071] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
12212| [98070] Microsoft Office 2007 SP3/2010 SP2/Word Viewer GDI+ information disclosure
12213| [94450] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
12214| [94449] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
12215| [94448] Microsoft Office 2007 SP3/2010 SP2/2011/2013 SP1 information disclosure
12216| [94445] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 information disclosure
12217| [94441] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
12218| [94440] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
12219| [94439] Microsoft Office 2007 SP3/2011 privilege escalation
12220| [94438] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
12221| [93542] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 memory corruption
12222| [93541] Microsoft Office 2007 SP3 denial of service
12223| [93539] Microsoft Office 2007/2010 SP2/2011 memory corruption
12224| [93538] Microsoft Office 2007/2010 SP2/2011/2013 SP1 memory corruption
12225| [93537] Microsoft Office 2007/2010 SP2/2011 memory corruption
12226| [93396] Microsoft Office 2007/2010/2011 memory corruption
12227| [93395] Microsoft Office 2007/2010/2011 memory corruption
12228| [93394] Microsoft Office 2007/2010 memory corruption
12229| [92596] Microsoft Windows 7 SP1/Server 2008 R2/Server 2008 SP2/Vista SP2 Internet Messaging API File information disclosure
12230| [91554] Microsoft Exchange 2007/2010/2013/2016 Email information disclosure
12231| [91553] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
12232| [91552] Microsoft Office 2007/2010/2013/2013 RT/2016 spoofing
12233| [91551] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
12234| [91549] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
12235| [91548] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
12236| [91546] Microsoft Office 2007/2010/2013/2013 RT memory corruption
12237| [91545] Microsoft Office 2007/2010 memory corruption
12238| [91544] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
12239| [91542] Microsoft Office 2007/2010/2013/2013 RT/2016 information disclosure
12240| [90707] Microsoft OneNote 2007/2010/2013/2013 RT/2016 information disclosure
12241| [90706] Microsoft Office 2007/2010/2013/2013 RT Graphics memory corruption
12242| [90705] Microsoft Office 2007/2010/2011 memory corruption
12243| [90703] Microsoft Office 2007/2010/2013/2013 RT/2016 memory corruption
12244| [89039] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
12245| [89034] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
12246| [87960] Microsoft Windows Server 2008 R2/Server 2012/Server 2012 R2 Active Directory denial of service
12247| [87955] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
12248| [87954] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
12249| [87953] Microsoft Exchange 2007/2010/2013/2016 Oracle Outside In Libraries privilege escalation
12250| [87939] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL memory corruption
12251| [87938] Microsoft Office 2007 SP3/2010 SP2/2011 information disclosure
12252| [87937] Microsoft Office 2007 SP3/2010 SP2/2011 memory corruption
12253| [87935] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
12254| [87934] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
12255| [87933] Microsoft Windows Server 2008 R2 SP1/Server 2008 SP2/Vista SP2 VBScript/JScript memory corruption
12256| [87147] Microsoft Office 2007/2010 memory corruption
12257| [87145] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
12258| [87144] Microsoft Windows Server 2008/Vista SP2 JScript/VBScript memory corruption
12259| [82228] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
12260| [82225] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
12261| [82224] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
12262| [81273] Microsoft Office 2007/2010/2013/2016 memory corruption
12263| [81272] Microsoft Office 2007/2010/2013 memory corruption
12264| [81265] Microsoft Windows Server 2008/Vista SP2 Library Loader memory corruption
12265| [80872] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
12266| [80871] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
12267| [80869] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
12268| [79506] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Library Loader memory corruption
12269| [79505] Microsoft Office 2007 memory corruption
12270| [79504] Microsoft Office 2007/2010/2013/2016 memory corruption
12271| [79503] Microsoft Office 2007/2010/2013 memory corruption
12272| [79502] Microsoft Office 2007/2010/2011 memory corruption
12273| [79501] Microsoft Office 2007/2010 memory corruption
12274| [79499] Microsoft Windows 7/Server 2008 R2 Uniscribe memory corruption
12275| [79493] Microsoft Windows Server 2008/Vista Graphics memory corruption
12276| [79190] Microsoft Word 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
12277| [79189] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1/2016 Office Document memory corruption
12278| [79187] Microsoft Office 2007 SP3/2010 SP2/2013 SP1/2016 Sandbox privilege escalation
12279| [79167] Microsoft Windows 7/Server 2008/Server 2008 R2/Vista Journal memory corruption
12280| [78372] Microsoft Visio 2007 SP3/2010 SP2 UML Data memory corruption
12281| [78371] Microsoft SharePoint Server 2007 SP3/2010 SP2 InfoPath Forms Services XXE information disclosure
12282| [77646] Microsoft Office 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 EPS Image memory corruption
12283| [77629] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
12284| [77627] Microsoft Excel 2007 SP3/2010 SP2 Office Document memory corruption
12285| [77626] Microsoft Excel 2007 SP3/2010 SP2/2011/2016 Office Document memory corruption
12286| [77617] Microsoft Office 2007 SP3/2010 SP2 OpenType Font memory corruption
12287| [77252] Microsoft Office 2007 SP3/2010 SP2 Office Graphics Library Font memory corruption
12288| [77038] Microsoft Windows Server 2008 SP2 UDDI Services cross site scripting
12289| [76497] Microsoft PowerPoint 2007 SP3/2010 SP2/2013 SP1 Office Document memory corruption
12290| [76491] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
12291| [76467] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
12292| [76466] Microsoft Word 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
12293| [76464] Microsoft Excel 2007 SP3/2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
12294| [76463] Microsoft Excel 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 Office Document memory corruption
12295| [76449] Microsoft Windows 8/8.1/Server 2008/Server 2012/Server 2012 R2 Hyper-V memory corruption
12296| [76440] Microsoft SQL Server 2008/2008 R2/2012/2014 Virtual Function Uninitialized Memory memory corruption
12297| [76439] Microsoft SQL Server 2008/2008 R2/2012/2014 Uninitialized Memory memory corruption
12298| [76438] Microsoft SQL Server 2008/2008 R2/2012/2014 Pointer Casting privilege escalation
12299| [75783] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services cross site scripting
12300| [75338] Microsoft SharePoint 2007/2010/2013 Content privilege escalation
12301| [75337] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
12302| [75336] Microsoft Office 2007 SP3/2010 SP2/2011/2013 RT SP1/2013 SP1 memory corruption
12303| [74845] Microsoft Office 2007/2010/2013 Document Use-After-Free memory corruption
12304| [74844] Microsoft Office 2007/2010 Document Use-After-Free memory corruption
12305| [74837] Microsoft Office 2007/2010/2011/2013 RTF Document Use-After-Free privilege escalation
12306| [73979] Microsoft Exchange Server 2003 CU7/2003 SP1 Meeting privilege escalation
12307| [73978] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
12308| [73977] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
12309| [73976] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
12310| [73975] Microsoft Exchange Server 2003 CU7/2003 SP1 cross site scripting
12311| [73964] Microsoft SharePoint 2007/2010/2013 cross site scripting
12312| [69158] Microsoft Office 2007/2010/2013 Use-After-Free memory corruption
12313| [69157] Microsoft Office 2007/2010/2013 OneTableDocumentStream memory corruption
12314| [68416] Microsoft Exchange 2007/2010/2013 Outlook Web Access Token spoofing
12315| [68409] Microsoft Office 2007/2010/2013 Use-After-Free memory corruption
12316| [68408] Microsoft Excel 2007/2010/2013 memory corruption
12317| [68407] Microsoft Excel 2007/2010 memory corruption
12318| [68405] Microsoft Word 2007/2010 Index Use-After-Free memory corruption
12319| [68195] Microsoft Windows 7/Server 2003/Server 2008/Vista Input Method Editor Sandbox privilege escalation
12320| [68189] Microsoft Windows Server 2003 SP2 TCP/IP Stack Stack-Based memory corruption
12321| [68188] Microsoft Word 2007 File memory corruption
12322| [68187] Microsoft Word 2007 File memory corruption
12323| [68186] Microsoft Word 2007 File memory corruption
12324| [67829] Microsoft Office 2007/2010/2011 Object memory corruption
12325| [67825] Microsoft .NET Framework 2.0/3.5/3.5.1 ASLR privilege escalation
12326| [71337] Microsoft Office 2000/2004/XP memory corruption
12327| [67355] Microsoft OneNote 2007 File Processing privilege escalation
12328| [67354] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 SQL Master Data Services cross site scripting
12329| [67353] Microsoft SQL Server 2008 R2 SP2/2008 SP3/2012 SP1/2014 T-SQL Query Stack-Based memory corruption
12330| [67018] Microsoft Windows Server 2008/Server 2012/Server 2012 R2 Service Bus AMQP Message denial of service
12331| [13545] Microsoft Word 2007 Embedded Font memory corruption
12332| [13397] Microsoft Windows 2000/Server 2003/XP DHCP Response DHCP ACK spoofing
12333| [13462] Microsoft Visual Studio 2002/2003/2005/2010 Debug Interface msdia.dll PDB File memory corruption
12334| [13229] Microsoft Office 2007/2010/2013 Common Control Library MSCOMCTL.OCX privilege escalation
12335| [13227] Microsoft Office 2007/2010/2013 Chinese Grammar Checker Library privilege escalation
12336| [13226] Microsoft SharePoint Server 2007/2010/2013 Page memory corruption
12337| [13225] Microsoft SharePoint Server 2007/2010/2013 cross site scripting
12338| [13224] Microsoft SharePoint Server 2007/2010/2013 Page memory corruption
12339| [12859] Microsoft Word 2003 Office Document Stack-Based memory corruption
12340| [12852] Microsoft Publisher 2003/2007 Publisher File pubconv.dll memory corruption
12341| [12845] Microsoft Word 2003 Office File Stack-Based memory corruption
12342| [12844] Microsoft Word 2007/2010 Office File memory corruption
12343| [12843] Microsoft Office 2007/2010/2011/2013 XML Parser Nested Entities Memory Consumption denial of service
12344| [12687] Microsoft Word/Office/Outlook 2003/2007/2010/2013 RTF Document memory corruption
12345| [12530] Microsoft Windows Server 2003/Server 2008/Server 2012/Vista/XP Security Account Manager Lockout privilege escalation
12346| [12266] Microsoft .NET Framework 2.0 SP2/3.5.1 ASLR Bypass privilege escalation
12347| [12070] Apple Pages 2.0/2.0.1/2.0.2/5.0/5.0.1 on Mac Microsoft Word Document memory corruption
12348| [11950] Microsoft Office Compability Pack/Word 2007 SP3 File memory corruption
12349| [11949] Microsoft Word Viewer/Office Compatibility Pack/Word 2003 SP3/2007 SP3 File memory corruption
12350| [11494] Microsoft .NET Framework 2.0 SP2/3.5.1/4/4.5/4.5.1 MAC Authentication privilege escalation
12351| [11448] Microsoft Office 2007/2010 Address Space Layout Randomization privilege escalation
12352| [11148] Microsoft Office 2003/2007 WordPerfect Document epsimp32.flt memory corruption
12353| [11146] Microsoft Office 2003/2007 epsimp32.flt memory corruption
12354| [11230] Microsoft Word 2003 DOC Document Embedded Image denial of service
12355| [11081] Microsoft Windows Server 2008/Vista TIFF Image memory corruption
12356| [10648] Microsoft Word 2007 Word File memory corruption
12357| [10647] Microsoft Word 2003 Word File memory corruption
12358| [10643] Microsoft SharePoint Server 2007/2010/2013 Input Sanitizer memory corruption
12359| [10642] Microsoft SharePoint Server 2007/2010 Content Display in Frames privilege escalation
12360| [10247] Microsoft SharePoint Server 2007/2010/2013 Online Cloud cross site scripting
12361| [10245] Microsoft Office 2003/2007/2010 Word File memory corruption
12362| [10244] Microsoft Office 2003 SP3 Word File memory corruption
12363| [10243] Microsoft Office 2003/2007 Word File memory corruption
12364| [10242] Microsoft Office 2007 Word File memory corruption
12365| [10241] Microsoft Office 2007 Word File memory corruption
12366| [10240] Microsoft Office 2003/2007/2010 Word File memory corruption
12367| [10239] Microsoft Office 2003/2007 Word File memory corruption
12368| [10238] Microsoft Excel 2003/2007 XML External Entity Data information disclosure
12369| [10237] Microsoft Excel 2003/2007/2010 XML External Entity Data information disclosure
12370| [10236] Microsoft Word/Office 2003/2007 XML External Entity Data information disclosure
12371| [10234] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
12372| [10232] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
12373| [10231] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
12374| [10230] Microsoft Word/Sharepoint 2003 SP3/2007 SP3/2010 SP1 Office File memory corruption
12375| [10229] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
12376| [10228] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
12377| [10227] Microsoft Access 2007/2010/2013 Access File ACCDB File memory corruption
12378| [10192] Microsoft Windows 7/2000/Server 2003 SP2/Vista/XP SP3 Windows Theme File privilege escalation
12379| [10191] Microsoft Windows Server 2003/XP OLE Object privilege escalation
12380| [10190] Microsoft Windows 7/8/Server 2008/Vista Active Directory denial of service
12381| [10189] Microsoft Outlook 2007/2010 S/MIME privilege escalation
12382| [9941] Microsoft Windows Server 2003/XP Unicode Scripts Processor USP10.DLL Uniscribe Font memory corruption
12383| [9929] Microsoft Windows Server 2008/Server 2012 Active Directory Federation Services Unspecified Account information disclosure
12384| [9715] Microsoft PowerPoint 2007 DirectShow Runtime quartz.dll GetMaxSampleSize denial of service
12385| [9397] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Array privilege escalation
12386| [9394] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 on 64-bit Array memory corruption
12387| [9393] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Permission privilege escalation
12388| [8738] Microsoft Visio 2003 SP3/2007 SP3/2010 SP1 XML Parser File information disclosure
12389| [8737] Microsoft Word 2003 SP3 Shape Data Parser File memory corruption
12390| [8736] Microsoft Publisher 2003 SP3 PUB File memory corruption
12391| [8735] Microsoft Publisher 2003 SP3/2007 SP3/2010 SP1 PUB File memory corruption
12392| [8734] Microsoft Publisher 2003 SP3 PUB File memory corruption
12393| [8733] Microsoft Publisher 2003 SP3 PUB File memory corruption
12394| [8732] Microsoft Publisher 2003 SP3 PUB File memory corruption
12395| [8731] Microsoft Publisher 2003 SP3 PUB File memory corruption
12396| [8730] Microsoft Publisher 2003 SP3 PUB File memory corruption
12397| [8729] Microsoft Publisher 2003 SP3 PUB File memory corruption
12398| [8728] Microsoft Publisher 2003 SP3 PUB File memory corruption
12399| [8727] Microsoft Publisher 2003 SP3 PUB File memory corruption
12400| [8726] Microsoft Publisher 2003 PUB File Eingabe memory corruption
12401| [8723] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 XML File spoofing
12402| [7643] Microsoft Windows Server 2008 R2/Server 2012 NFS Server NULL Pointer Dereference denial of service
12403| [7642] Microsoft Exchange 2007/2010 Outlook Web Access vspdx.dll) privilege escalation
12404| [7641] Microsoft Windows Server 2003/Server 2008/Vista/XP DirectShow Quartz.dll memory corruption
12405| [8589] Microsoft System Center Operations Manager 2007 R2/2007 SP1 ViewTypeManager.aspx cross site scripting
12406| [7252] Microsoft System Center Operations Manager 2007 ExecuteTask.aspx cross site scripting
12407| [7251] Microsoft System Center Operations Manager 2007 cross site scripting
12408| [7248] Microsoft Windows 7/Server 2008 R2 Print Spooler privilege escalation
12409| [7121] Microsoft Exchange 2007/2010 RSS Feed denial of service
12410| [7118] Microsoft Windows Server 2008 R2/Server 2012 IP-HTTPS unknown vulnerability
12411| [62914] Microsoft Office 2003 SP3/2007 SP3/2008/2010 SP1/2011 Spreadsheet Use-After-Free memory corruption
12412| [7058] Microsoft Windows 7/Server 2008 R2 DHCPv6 Message denial of service
12413| [6935] Microsoft Office Excel 2003/2007/2010 Input Sanitizer File Stack-based memory corruption
12414| [6934] Microsoft Office Excel 2003/2007/2010 Input Sanitizer memory corruption
12415| [6933] Microsoft Office Excel 2003/2007/2010 SerAuxErrBar File memory corruption
12416| [6929] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 Web Proxy Setting Auto-Discovery memory corruption
12417| [6927] Microsoft .NET Framework 2.0 SP2/3.5.1 Trusted Code Function information disclosure
12418| [6918] Microsoft Excel 2007 SP2 Input Sanitizer File memory corruption
12419| [6830] Microsoft Word 2007/2010 File memory corruption
12420| [6819] Microsoft Excel 2007 File memory corruption
12421| [6627] Microsoft Windows 7/Server 2008 R2 Kerberos denial of service
12422| [6626] Microsoft SharePoint/Lync/Infopath 2007/2010 HTML Sanitization cross site scripting
12423| [6621] Microsoft Word 2007 PAPX memory corruption
12424| [62239] Microsoft Systems Management Server 2003 Configuration Manager Reflected cross site scripting
12425| [5945] Microsoft Office 2007/2010 Computer Graphics Metafile memory corruption
12426| [5939] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Print Spooler Service memory corruption
12427| [5938] Microsoft Windows 7/Server 2003/Server 2008 R2/Vista/XP Remote Administration Protocol netapi32.dll RAP Request denial of service
12428| [5933] Microsoft SQL Server 2000/2005/2008/2008 R2 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
12429| [5932] Microsoft Office 2003/2007/2010 Common Controls TabStrip ActiveX MSCOMCTL.OCX memory corruption
12430| [5654] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP information disclosure
12431| [5653] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
12432| [5652] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP win32k.sys memory corruption
12433| [5650] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
12434| [5649] Microsoft Office 2003/2007/2010 libraries memory corruption
12435| [5645] Microsoft SharePoint 2007/2010/3.0 Reflected cross site scripting
12436| [5643] Microsoft SharePoint 2007/2010 information disclosure
12437| [5642] Microsoft SharePoint 2007 cross site request forgery
12438| [5553] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Font atmfd.dll denial of service
12439| [5524] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP memory corruption
12440| [5518] Microsoft .NET Framework 2.0 SP2/3.5/3.5.1/4/4.5 memory corruption
12441| [5362] Microsoft Office 2003/2007 GDI+ memory corruption
12442| [5291] Microsoft Visual Studio 2008 Incremental Linker link.exe ConvertRgImgSymToRgImgSymEx memory corruption
12443| [5268] Microsoft Office 2008 on Mac RTF Pfragment File memory corruption
12444| [5080] Microsoft SQL Server 2005/2008/2008R2 CREATE DATABASE sql injection
12445| [5050] Microsoft Office 2007 WPS Converter Heap-based memory corruption
12446| [5049] Microsoft SQL Server 2000/2005/2008 MSCOMCTL.OCX privilege escalation
12447| [5048] Microsoft Office 2003/2007/2010 MSCOMCTL.OCX privilege escalation
12448| [5046] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Windows Authenticode Signature Verification WinVerifyTrust Signature privilege escalation
12449| [4803] Microsoft Windows Server 2003/Server 2008 DNS Server Domain Resource Record Query Parser denial of service
12450| [4802] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Protocol denial of service
12451| [4798] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Remote Desktop Service memory corruption
12452| [60205] Microsoft .NET Framework 2.0 SP2/3.5.1 Heap-based memory corruption
12453| [4642] Microsoft .NET Framework 2.0 SP2/3.5.1/4 XAML Browser Application memory corruption
12454| [60065] Microsoft Windows 2000 mod_sql unknown vulnerability
12455| [4535] Microsoft Windows Server 2003/XP Object Packager packager.exe privilege escalation
12456| [4534] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Line21 DirectShow Filter Quartz.dll/Qdvd.dll Media File memory corruption
12457| [4533] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Multimedia Library winmm.dll MIDI File memory corruption
12458| [4507] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 Forms Authentication privilege escalation
12459| [59666] Microsoft Publisher 2003/2007 "Publisher memory corruption
12460| [4482] Microsoft Word 2007/2010/2011 Document Parser memory corruption
12461| [4480] Microsoft Excel 2003 memory corruption
12462| [4478] Microsoft Windows Server 2003/XP OLE Objects Memory Management memory corruption
12463| [4477] Microsoft PowerPoint 2007 SP2/2008 OfficeArt Use-After-Free memory corruption
12464| [4474] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Active Directory Query memory corruption
12465| [4473] Microsoft PowerPoint 2007 SP2/2010 DLL-Loader memory corruption
12466| [4471] Microsoft Office 2003/2007 Publisher Out-of-Bounds memory corruption
12467| [4470] Microsoft Office 2003 SP3 memory corruption
12468| [4453] Microsoft Excel 2003 Record Parser memory corruption
12469| [4446] Microsoft Office 2007/2008 OfficeArt Record Parser memory corruption
12470| [4445] Microsoft Office 2007/2010/2011 Word Document Parser memory corruption
12471| [4438] Microsoft Windows 7/Server 2008/Vista TCP/IP Reference Counter denial of service
12472| [5358] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP TrueType Font Handling memory corruption
12473| [59005] Microsoft Host Integration Server 2004 denial of service
12474| [58492] Microsoft SharePoint Server 2007 Spreadsheet memory corruption
12475| [58491] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
12476| [58490] Microsoft Office Compatibility Pack 2007 Spreadsheet memory corruption
12477| [58489] Microsoft Office 2004/2007/2008/2010/2011 Spreadsheet memory corruption
12478| [58488] Microsoft Office 2007/2010 memory corruption
12479| [4412] Microsoft Office 2003/2007 Library Loader unknown vulnerability
12480| [4411] Microsoft Excel 2003 memory corruption
12481| [4409] Microsoft Windows Server 2003/Server 2008 WINS unknown vulnerability
12482| [58240] Microsoft Visio 2003/2007 memory corruption
12483| [58237] Microsoft Visio 2003/2007/2010 memory corruption
12484| [4396] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
12485| [4393] Microsoft Windows Server 2008 DNS Service memory corruption
12486| [4391] Microsoft .NET Framework 2.0 SP2/3.5.1/4 Socket Restriction privilege escalation
12487| [4390] Microsoft Windows Server 2008 Remote Desktop Web Access cross site scripting
12488| [4388] Microsoft Windows 7/Server 2008/Vista File Metadata Parser denial of service
12489| [57691] Microsoft SQL Server 2008 Web Service information disclosure
12490| [57690] Microsoft Excel 2002/2003 Spreadsheet memory corruption
12491| [57689] Microsoft Excel 2002 Spreadsheet memory corruption
12492| [57688] Microsoft Excel 2002 Spreadsheet memory corruption
12493| [57687] Microsoft Excel 2002/2003/2007 Spreadsheet memory corruption
12494| [57686] Microsoft Excel 2002 Spreadsheet memory corruption
12495| [57685] Microsoft Excel 2002/2003/2007 Array Access memory corruption
12496| [57684] Microsoft Excel 2002/2003/2007/2010 Spreadsheet memory corruption
12497| [4369] Microsoft Excel 2002/2003/2007 memory corruption
12498| [4367] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
12499| [4362] Microsoft Windows 7/Server 2008/Vista denial of service
12500| [57420] Microsoft PowerPoint 2002/2003 memory corruption
12501| [4349] Microsoft Office 2004/2007/2008 Presentation File Parser memory corruption
12502| [4348] Microsoft PowerPoint 2002/2003/2007 memory corruption
12503| [57077] Microsoft Excel 2002 Uninitialized Memory memory corruption
12504| [57078] Microsoft Office 2003/2007/Xp docx unknown vulnerability
12505| [57079] Microsoft PowerPoint 2002/2003/2007/2010 memory corruption
12506| [57076] Microsoft Excel 2002/2003 memory corruption
12507| [57075] Microsoft Excel 2002/2003 memory corruption
12508| [57074] Microsoft Excel 2002 memory corruption
12509| [57073] Microsoft Excel 2002/2003/2007/2010 memory corruption
12510| [4334] Microsoft .NET Framework 2.0 SP2/3.5 SP1/3.5.1/4.0 JIT Compiler memory corruption
12511| [4332] Microsoft PowerPoint 2007/2010 memory corruption
12512| [4301] Microsoft Windows Server 2003 SMB Browser Heap-based denial of service
12513| [56475] Microsoft Office 2004/2008 memory corruption
12514| [56414] Microsoft Visio 2002/2003/2007 ELEMENTS.DLL memory corruption
12515| [56413] Microsoft Visio 2002/2003/2007 Exception ORMELEMS.DLL memory corruption
12516| [4298] Microsoft Windows 7/Server 2008 JScript/VBScript Engine information disclosure
12517| [4297] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP OpenType Compact Font Format Driver privilege escalation
12518| [4296] Microsoft Windows Server 2003/XP LSASS Authentication Request unknown vulnerability
12519| [4295] Microsoft Windows 7/Server 2008 Kerberos weak authentication
12520| [4294] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys unknown vulnerability
12521| [4293] Microsoft Windows Server 2003/XP Kerberos CRC32 Checksum privilege escalation
12522| [4292] Microsoft Windows Server 2003/XP CSRSS Logoff privilege escalation
12523| [4289] Microsoft Excel 2007 Shape Data Parser memory corruption
12524| [4286] Microsoft PowerPoint 2002 SP3/2003 SP3/2004/2007 SP2/2008 OfficeArt Container Parser memory corruption
12525| [4279] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP MHTML cross site scripting
12526| [56176] Microsoft Windows 7/Server 2003/XP fxscover.exe CDrawPoly::Serialize memory corruption
12527| [55772] Microsoft Publisher 2002 pubconv.dll memory corruption
12528| [55771] Microsoft Publisher 2002/2003/2010 memory corruption
12529| [55765] Microsoft Office 2003/Xp Integer memory corruption
12530| [55764] Microsoft Office 2003/Xp memory corruption
12531| [55750] Microsoft Publisher 2002/2003 pubconv.dll memory corruption
12532| [55749] Microsoft Publisher 2002/2003/2007/2010 pubconv.dll memory corruption
12533| [55748] Microsoft Publisher 2002/2003/2007 pubconv.dll memory corruption
12534| [4230] Microsoft Exchange 2007 on 64-bit RPC store.exe MAPI Request denial of service
12535| [4229] Microsoft SharePoint 2007 Document Conversion Launcher Service Eingabeungültigkeit
12536| [4228] Microsoft Windows Server 2008 Hyper-V VMBus denial of service
12537| [4224] Microsoft Windows 7/Server 2008/Vista Consent User Interface privilege escalation
12538| [4231] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Driver win32k.sys GreEnableEUDC denial of service
12539| [55420] Microsoft Office 2007/2010 memory corruption
12540| [55419] Microsoft Office 2004/2008/2011/Xp memory corruption
12541| [55412] Microsoft PowerPoint Viewer 2007 memory corruption
12542| [55411] Microsoft PowerPoint 2002/2003 memory corruption
12543| [4204] Microsoft Windows Server 2008 Color Control Panel Eingabeungültigkeit
12544| [54995] Microsoft Office 2004/2008 memory corruption
12545| [54994] Microsoft Office 2004/2008 Out-of-Bounds memory corruption
12546| [54993] Microsoft Office Compatibility Pack 2007 memory corruption
12547| [54992] Microsoft Excel 2002 memory corruption
12548| [54991] Microsoft Office 2004 Future memory corruption
12549| [54990] Microsoft Office 2004 memory corruption
12550| [54989] Microsoft Office 2004/2008 memory corruption
12551| [54988] Microsoft Excel 2002 memory corruption
12552| [54987] Microsoft Excel 2002 memory corruption
12553| [54986] Microsoft Excel 2002/2003 memory corruption
12554| [54985] Microsoft Office Compatibility Pack 2003/2004/2007/2008 memory corruption
12555| [54984] Microsoft Office 2004/2008 memory corruption
12556| [54983] Microsoft Excel 2002 Integer memory corruption
12557| [54980] Microsoft Word 2002/2003 memory corruption
12558| [54979] Microsoft Word 2002 memory corruption
12559| [54978] Microsoft Word 2002 memory corruption
12560| [54977] Microsoft Word 2002 Heap-based memory corruption
12561| [54976] Microsoft Word 2002 memory corruption
12562| [54975] Microsoft Word 2002 memory corruption
12563| [54974] Microsoft Word 2002 memory corruption
12564| [54973] Microsoft Word 2002 memory corruption
12565| [54972] Microsoft Word 2002 memory corruption
12566| [54971] Microsoft Word 2002 memory corruption
12567| [4197] Microsoft SharePoint 2007/3.0 cross site scripting
12568| [4196] Microsoft Word 2002/2003/2007/2010 Stack-based memory corruption
12569| [4194] Microsoft Windows 7/Server 2008/Vista SChannel Client Certificate Request denial of service
12570| [54774] Microsoft Word 2003 word_crash_11.8326.8324_poc.doc denial of service
12571| [54757] Microsoft SharePoint Server 2007 HTML Sanitization SafeHTML cross site scripting
12572| [4186] Microsoft Outlook 2002/2003/2007 Content Parser Heap-based memory corruption
12573| [54584] Microsoft Visual C++ 2005 AtlTraceTool8.exe unknown vulnerability
12574| [54554] Microsoft Groove 2007 mso.dll memory corruption
12575| [4187] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack Ipv4SetEchoRequestCreate denial of service
12576| [54322] Microsoft Word 2002/2003 memory corruption
12577| [54321] Microsoft Office Compatibility Pack 2007 memory corruption
12578| [54320] Microsoft Office Compatibility Pack 2007 memory corruption
12579| [54319] Microsoft Office Compatibility Pack 2007 memory corruption
12580| [54318] Microsoft .NET Framework 2.0 SP1/2.0 SP2/3.5/3.5 SP1/3.5.1 Interfaces memory corruption
12581| [4165] Microsoft Windows 7/Server 2008/Vista TCP/IP Stack denial of service
12582| [4162] Microsoft Windows 7/Server 2008/Vista Kernel memory corruption
12583| [4159] Microsoft Excel 2002/2003 SXDB PivotTable Cache Data Record memory corruption
12584| [4149] Microsoft Windows 7/Server 2003/Server 2008/Vista/XP Shell Shortcut Parser memory corruption
12585| [54083] Microsoft Access 2003 ActiveX Control ACCWIZ.dll memory corruption
12586| [4146] Microsoft Outlook 2002/2003/2007 SMB Attachment PR_ATTACH_METHOD memory corruption
12587| [4145] Microsoft Access 2003/2007 ActiveX ACCWIZ.dll memory corruption
12588| [54617] Microsoft Outlook Web Access up to 2007 cross site request forgery
12589| [4151] Microsoft Windows Server 2008/Vista NtUserCheckAccessForIntegrityLevel memory corruption
12590| [53591] Microsoft Windows Server 2003 GetServerName cross site scripting
12591| [53505] Microsoft Excel 2002/2007 memory corruption
12592| [53501] Microsoft Excel 2002 memory corruption
12593| [53500] Microsoft Excel 2002 memory corruption
12594| [53499] Microsoft Excel 2002 memory corruption
12595| [53495] Microsoft Excel 2002/2003/2007 memory corruption
12596| [53494] Microsoft Excel 2002 Stack-based memory corruption
12597| [53504] Microsoft Excel 2002 memory corruption
12598| [53503] Microsoft Excel 2002 Stack-Based memory corruption
12599| [53502] Microsoft Excel 2002 Heap-based memory corruption
12600| [53498] Microsoft Excel 2002 Stack-based memory corruption
12601| [53497] Microsoft Excel 2002 memory corruption
12602| [53496] Microsoft Excel 2002 memory corruption
12603| [53493] Microsoft Excel 2002/2003/2007 memory corruption
12604| [4133] Microsoft Office 2003/2007/Xp COM Object Instantiator memory corruption
12605| [53366] Microsoft ASP.NET 2.0 cross site scripting
12606| [53385] Microsoft Exchange Server 2007 Outlook Web Access cross site scripting
12607| [53164] Microsoft Office 2003/2007/Xp ActiveX Control VBE6.DLL memory corruption
12608| [53054] Microsoft VISIO 2002/2003/2007 VISIODWG.DLL memory corruption
12609| [4125] Microsoft SharePoint 2007/3.0 help.aspx cross site scripting
12610| [52777] Microsoft Publisher 2002/2003/2007 memory corruption
12611| [52773] Microsoft Visio 2002/2003/2007 memory corruption
12612| [52772] Microsoft Visio 2002/2003/2007 memory corruption
12613| [4107] Microsoft Windows 7/Server 2008 Kernel denial of service
12614| [4103] Microsoft Windows Server 2003 Media Services Stack-based memory corruption
12615| [52543] Microsoft Virtual PC 2007 unknown vulnerability
12616| [52148] Microsoft Office 2004/2007/2008 Uninitialized Memory memory corruption
12617| [52147] Microsoft Office 2004/2007/2008 Spreadsheet Uninitialized Memory memory corruption
12618| [52146] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
12619| [52145] Microsoft Office 2004/2007/2008 Spreadsheet Heap-based memory corruption
12620| [52144] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
12621| [52143] Microsoft Office 2004/2007/2008 Spreadsheet memory corruption
12622| [4090] Microsoft Excel 2002/2003/2007 memory corruption
12623| [52036] Microsoft Windows 2000 MsgBox memory corruption
12624| [51995] Microsoft SharePoint Server up to 2006 cross site scripting
12625| [51810] Microsoft Office 2004/Xp MSO.DLL memory corruption
12626| [51802] Microsoft PowerPoint 2003 Stack-based memory corruption
12627| [51801] Microsoft PowerPoint 2003 Stack-based memory corruption
12628| [51800] Microsoft PowerPoint 2002/2003 Use-After-Free memory corruption
12629| [51799] Microsoft PowerPoint 2002/2003 memory corruption
12630| [51798] Microsoft PowerPoint 2002/2003 Heap-based memory corruption
12631| [4082] Microsoft PowerPoint 2002 SP3 memory corruption
12632| [54550] Microsoft PowerPoint 2007 rpawinet.dll memory corruption
12633| [54556] Microsoft Visio 2003 mfc71enu.dll unknown vulnerability
12634| [51497] Microsoft Windows Live Messenger 2009 ActiveX Control msnmsgr.exe denial of service
12635| [51133] Microsoft Windows 2000 SP4/Server 2003 SP2/SP3/XP SP2 memory corruption
12636| [51074] Microsoft Office 2002/2003 Integer memory corruption
12637| [4069] Microsoft Project 2003/2007 Project Memory Validator memory corruption
12638| [50794] Microsoft Office 2004/2008 Spreadsheet memory corruption
12639| [50793] Microsoft Office 2004/2008 Spreadsheet memory corruption
12640| [50792] Microsoft Office 2004/2008 Spreadsheet memory corruption
12641| [50791] Microsoft Office 2004/2008 Spreadsheet memory corruption
12642| [50790] Microsoft Office 2004/2008 Spreadsheet Heap-based memory corruption
12643| [50788] Microsoft Office 2004/2008 Spreadsheet memory corruption
12644| [50787] Microsoft Office 2004/2008 Spreadsheet memory corruption
12645| [50786] Microsoft Windows 2000 llssrv.exe memory corruption
12646| [50789] Microsoft Office 2004/2008 Spreadsheet memory corruption
12647| [4056] Microsoft Word 2002/2003 File Information Block Parser Stack-based memory corruption
12648| [50660] Microsoft SharePoint Server 2007 unknown vulnerability
12649| [50443] Microsoft PowerPoint 2007 Integer memory corruption
12650| [50432] Microsoft .NET Framework 2.0/2.0 SP1/2.0 SP2/3.5/3.5 SP1 memory corruption
12651| [49866] Microsoft Windows Server 2003 memory corruption
12652| [4031] Microsoft Windows Server 2008/Vista SMB Processor EducatedScholar memory corruption
12653| [4030] Microsoft Windows Server 2008/Vista Wireless LAN AutoConfig Service Heap-based memory corruption
12654| [4029] Microsoft Windows 2000/XP TCP/IP Window Size denial of service
12655| [49745] Microsoft Windows Server 2003 denial of service
12656| [49395] Microsoft Office 2000/2003/XP Office Web Components Heap-based memory corruption
12657| [49394] Microsoft Windows Server 2003 memory corruption
12658| [49389] Microsoft Office 2000/2003/XP Office Web Components memory corruption
12659| [49390] Microsoft Office 2000/2003/XP Office Web Components memory corruption
12660| [49198] Microsoft Visual Studio 2005 information disclosure
12661| [49047] Microsoft Virtual Server 2005 privilege escalation
12662| [49046] Microsoft Windows Server 2003 quartz.dll memory corruption
12663| [49045] Microsoft Windows Server 2003 quartz.dll memory corruption
12664| [49044] Microsoft ISA Server 2006 privilege escalation
12665| [3999] Microsoft Office 2007 Pointer memory corruption
12666| [4000] Microsoft Office 2003/Sp3/Xp Web Components memory corruption
12667| [48894] Microsoft Windows Server 2003 msvidctl.dll memory corruption
12668| [48572] Microsoft PowerPoint 2002 FL21WIN.DLL memory corruption
12669| [48517] Microsoft Windows 2000 Memory Leak memory corruption
12670| [48516] Microsoft Windows Server 2008 unknown vulnerability
12671| [48512] Microsoft Windows Server 2008 unknown vulnerability
12672| [48515] Microsoft Office Word Viewer 2003 memory corruption
12673| [48514] Microsoft Office Word Viewer 2003 Stack-based memory corruption
12674| [48554] Microsoft Excel 2000/2003/2007 memory corruption
12675| [48157] Microsoft PowerPoint 2002 Sound memory corruption
12676| [48156] Microsoft PowerPoint 2000 Stack-based memory corruption
12677| [48154] Microsoft PowerPoint 2002 Sound PP7X32.DLL memory corruption
12678| [48152] Microsoft PowerPoint 2002 PP4X32.DLL memory corruption
12679| [48150] Microsoft PowerPoint 2002 Sound memory corruption
12680| [48147] Microsoft PowerPoint 2002 Sound memory corruption
12681| [48146] Microsoft PowerPoint 2002 Integer memory corruption
12682| [48155] Microsoft PowerPoint 2002 Notes Container Heap-based memory corruption
12683| [48153] Microsoft PowerPoint 2002 Sound memory corruption
12684| [48151] Microsoft PowerPoint 2002 Stack-based memory corruption
12685| [48149] Microsoft PowerPoint 2002 memory corruption
12686| [48148] Microsoft PowerPoint 2002 Sound memory corruption
12687| [3974] Microsoft PowerPoint 2000/2002/2003 Sound Data Stack-based memory corruption
12688| [3973] Microsoft PowerPoint 2000/2002/2003 Notes Container Stack-based memory corruption
12689| [3972] Microsoft PowerPoint 2000/2002/2003 BuildList memory corruption
12690| [3971] Microsoft PowerPoint 2000/2002/2003 Object Stack-based memory corruption
12691| [3970] Microsoft PowerPoint 2000/2002/2003 Paragraph Stack-based memory corruption
12692| [3969] Microsoft PowerPoint 2000/2002/2003 Atom Stack-based memory corruption
12693| [47719] Microsoft Windows 2000 Stack-based memory corruption
12694| [47720] Microsoft Internet Security And Acceleration Server 2006 Forms Authentication cookieauth.dll cross site scripting
12695| [47716] Microsoft Office Converter Pack 2003 WPFT632.CNV memory corruption
12696| [47715] Microsoft Windows 2000 Wordpad memory corruption
12697| [47718] Microsoft Excel 2000/2002/2003/2007 Spreadsheet memory corruption
12698| [3960] Microsoft Windows 2000/Server 2003/XP DirectShow MJPEG memory corruption
12699| [3952] Microsoft ISA Server 2004/2006 denial of service
12700| [3946] Microsoft PowerPoint 2000/2002/2003/2004 memory corruption
12701| [47091] Microsoft Windows Server 2008 unknown vulnerability
12702| [47090] Microsoft Windows Server 2008 unknown vulnerability
12703| [3939] Microsoft Windows 2000 DNS spoofing
12704| [3938] Microsoft Windows 2000 SSL weak authentication
12705| [3937] Microsoft Windows 2000 memory corruption
12706| [3932] Microsoft Excel 2000/2002/2003/2004/2007 Object Reference memory corruption
12707| [46620] Microsoft Windows Live Messenger 2009 msnmsgr.exe denial of service
12708| [46455] Microsoft Exchange Server 2007 denial of service
12709| [46454] Microsoft Exchange Server 2007 memory corruption
12710| [46453] Microsoft Visio 2002/2003/2007 memory corruption
12711| [46452] Microsoft Visio 2002/2003/2007 memory corruption
12712| [46451] Microsoft Visio 2002/2003/2007 memory corruption
12713| [46327] Microsoft Word 2007 information disclosure
12714| [45758] Microsoft Money 2006 ActiveX Control prtstb06.dll denial of service
12715| [45381] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
12716| [45380] Microsoft Windows Server 2008/Vista SP1 Search memory corruption
12717| [45379] Microsoft Office SharePoint Server 2007 denial of service
12718| [3896] Microsoft SQL Server up to 2005 sp_replwritetovarbin memory corruption
12719| [3892] Microsoft Excel 2000/2002/2003 Formula memory corruption
12720| [3891] Microsoft Excel 2000/2002/2003 memory corruption
12721| [3890] Microsoft Excel 2000/2002/2003 NAME Index memory corruption
12722| [3889] Microsoft Word 2000/2002/2003/2007 Table Property Stack-based memory corruption
12723| [3888] Microsoft Word 2000/2002/2003/2007 RTF Stylesheet memory corruption
12724| [3887] Microsoft Word 2000/2002/2003/2007 memory corruption
12725| [3886] Microsoft Word 2000/2002/2003/2007 ControlWord Heap-based memory corruption
12726| [3885] Microsoft Word 2000/2002/2003/2007 memory corruption
12727| [3884] Microsoft Word 2000/2002/2003/2007 memory corruption
12728| [3883] Microsoft Word 2000/2002/2003/2007 RTF Heap-based memory corruption
12729| [3882] Microsoft Word 2000/2002/2003/2007 LFO memory corruption
12730| [3880] Microsoft Visual Basic up to 2003 ActiveX Control Mschrt20.ocx memory corruption
12731| [3879] Microsoft Visual Basic up to 2003 ActiveX Control mscomct2.ocx memory corruption
12732| [3878] Microsoft Visual Basic up to 2003 ActiveX Control mshflxgd.ocx memory corruption
12733| [3877] Microsoft Visual Basic up to 2003 ActiveX Control msflxgrd.ocx memory corruption
12734| [3876] Microsoft Visual Basic up to 2003 ActiveX Control msdatgrd.ocx memory corruption
12735| [45197] Microsoft Windows 2000 nskey.dll memory corruption
12736| [45063] Microsoft Windows Server 2003 Active Directory unknown vulnerability
12737| [45040] Microsoft .NET Framework 2.0.50727 Code Access Security unknown vulnerability
12738| [44855] DjVu Activex Control For Microsoft Office 2000 3.0 ActiveX Control DjVu_ActiveX_MSOffice.dll memory corruption
12739| [44665] Microsoft Peachtree Accounting 2004 ActiveX Control PAWWeb11.ocx unknown vulnerability
12740| [44589] Microsoft Exchange Server 2003 Outlook Web Access unknown vulnerability
12741| [3845] Microsoft Windows 2000 SP4 Active Directory memory corruption
12742| [44533] Microsoft Windows 2000 mqsvc.exe memory corruption
12743| [3844] Microsoft Excel 2003 REPT memory corruption
12744| [3843] Microsoft Excel up to 2007 BIFF File Heap-based memory corruption
12745| [3842] Microsoft Excel 2003 VBA Performance Cache Stack-based memory corruption
12746| [44405] Microsoft Digital Image 2006 ActiveX Control PipPPush.DLL unknown vulnerability
12747| [44047] Microsoft SQL Server 2000 ActiveX Control SQLVDIRLib.SQLVDirControl memory corruption
12748| [43981] Microsoft Organization Chart 2.00 orgchart.exe memory corruption
12749| [43957] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
12750| [43956] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
12751| [43955] Microsoft Office 2003/2007/Xp gdiplus.dll memory corruption
12752| [43952] Microsoft Office 2003/2007/Xp URI memory corruption
12753| [43676] Microsoft Windows 2000/Server 2003/Vista/XP memory corruption
12754| [43675] Microsoft Windows 2000/Server 2003/Vista/XP of memory corruption
12755| [43662] Microsoft PowerPoint Viewer 2000 SP3/2002 SP3/2003 SP2/2007 SP1 memory corruption
12756| [43661] Microsoft PowerPoint Viewer 2003 memory corruption
12757| [43660] Microsoft PowerPoint Viewer 2003 Integer memory corruption
12758| [43657] Microsoft Office 2000/2003/Xp memory corruption
12759| [43654] Microsoft SharePoint Server 2007 memory corruption
12760| [43653] Microsoft Office 2000/2002/2004/2008 memory corruption
12761| [43652] Microsoft Office 2000/2002/2003/2004/2008 memory corruption
12762| [3797] Microsoft Windows Server 2008/Vista IPsec Policy Designfehler
12763| [3796] Microsoft Office 2000 WPG memory corruption
12764| [3795] Microsoft Office 2000/2003/Xp BMP Image BMPIMP32.FLT memory corruption
12765| [3794] Microsoft Office 2000/2003/Xp PICT bits_per_pixel memory corruption
12766| [3793] Microsoft Office 2000/2003/Xp PICT memory corruption
12767| [3792] Microsoft Office 2000 EPS File memory corruption
12768| [3783] Microsoft Word 2002 memory corruption
12769| [43103] Microsoft Exchange Srv 2007 Sp1 Outlook Web Access cross site scripting
12770| [43102] Microsoft Windows 2000 SP4/Server 2003 SP2/Server 2008 DNS Cache privilege escalation
12771| [3778] Microsoft Exchange 2003/2007 Outlook Web Access cross site scripting
12772| [3777] Microsoft Windows Server 2008/Vista SP1 Explorer memory corruption
12773| [43087] Microsoft Office Snapshot Viewer ActiveX up to Office 2003 Snapshot Viewer ActiveX Control snapview.ocx memory corruption
12774| [43096] Microsoft Publisher 2003/2007 Crypto API unknown vulnerability
12775| [42816] Microsoft Word 2000/2003 memory corruption
12776| [42732] Microsoft Windows Server 2003/Vista/XP denial of service
12777| [42731] Microsoft Windows Server 2003 denial of service
12778| [3732] Microsoft Windows 2000/Server 2003 WINS memory corruption
12779| [3701] Microsoft Word 2003 CSS Heap-based memory corruption
12780| [3700] Microsoft Word 2003 RTF Document Heap-based memory corruption
12781| [42065] Microsoft SharePoint Server 2.0 Rich Text Editor cross site scripting
12782| [41881] Microsoft Office 2003/2007/2007 Sp1/Xp memory corruption
12783| [41880] Microsoft Project 2000/2002/2003 memory corruption
12784| [41879] Microsoft Windows 2000/Server 2003/Vista Stack-based memory corruption
12785| [41878] Microsoft Windows 2000/Server 2003/Vista spoofing
12786| [41877] Microsoft Windows Server 2003 vbscript.dll memory corruption
12787| [3671] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 memory corruption
12788| [3670] Microsoft Visio 2002/2003/2003 Sp3/2007/2007 Sp1 Object memory corruption
12789| [41455] Microsoft Office 2000/2003/2004/Xp memory corruption
12790| [41454] Microsoft Excel 2000/2002/2003/2007 memory corruption
12791| [41453] Microsoft Excel 2000/2002/2003 memory corruption
12792| [41452] Microsoft Excel 2000/2002/2003/2007 memory corruption
12793| [41451] Microsoft Excel 2000/2002/2003 memory corruption
12794| [41450] Microsoft Excel 2000 memory corruption
12795| [41449] Microsoft Excel 2000/2002/2003 memory corruption
12796| [41448] Microsoft Office 2000/Xp Office Web Components memory corruption
12797| [3648] Microsoft Excel 2003 memory corruption
12798| [3647] Microsoft Outlook up to 2007 mailto URI memory corruption
12799| [41003] Microsoft Office 2000/2003/2004/Xp memory corruption
12800| [41002] Microsoft Office 2000/2003/Xp memory corruption
12801| [41001] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
12802| [41000] Microsoft Works 2005/8.0 memory corruption
12803| [40998] Microsoft Publisher 2000/2002/2003 memory corruption
12804| [40994] Microsoft Works 2005/8.0 wkcvqd01.dll memory corruption
12805| [40987] Microsoft Windows 2000 denial of service
12806| [40736] Microsoft ActiveX 2.0 ActiveX Control privilege escalation
12807| [3552] Microsoft Excel 2000/2002/2003 File memory corruption
12808| [40242] Microsoft Publisher 2000/2002/2003/2007 Crash denial of service
12809| [40020] Microsoft Office 2007 ZIP Container unknown vulnerability
12810| [39769] Microsoft Windows 2000 cryptgenrandom weak encryption
12811| [39749] Microsoft Windows 2000 msjet40.dll memory corruption
12812| [39655] Microsoft Windows Server 2003 spoofing
12813| [39324] Microsoft Windows Mobile 2005 SMS unknown vulnerability
12814| [3373] Microsoft Word 2000/2002 memory corruption
12815| [38999] Microsoft Windows Server 2003 explorer.exe denial of service
12816| [38899] Microsoft ISA Server 2004 information disclosure
12817| [38728] Microsoft SQL Server 2005 Enterprise Manager sqldmo.dll memory corruption
12818| [38326] Microsoft Windows 2000 attemptwrite memory corruption
12819| [3241] Microsoft Excel 2000/2003/2004/XP SP3 rtWnDesk memory corruption
12820| [3223] Microsoft Windows Server 2003/XP URI privilege escalation
12821| [3212] Microsoft DirectX February 2006 RLE Compression Targa Files Heap-based memory corruption
12822| [37739] Microsoft Excel 2000/2002/2003/2004/2007 memory corruption
12823| [37738] Microsoft Office 2002/2003 memory corruption
12824| [3176] Microsoft Excel 2000/2002/2003/2007 File Attribute memory corruption
12825| [3175] Microsoft Excel 2000/2002/2003/2007 Active Worksheet memory corruption
12826| [3174] Microsoft Excel 2000/2002/2003/2007 Version Information memory corruption
12827| [3172] Microsoft Office Publisher 2007 Pointer memory corruption
12828| [37566] Microsoft Excel 2003 unknown vulnerability
12829| [37526] Microsoft Windows 2000/Server 2003 denial of service
12830| [37248] Microsoft Visio 2002 Packaging memory corruption
12831| [37251] Microsoft Windows 2000 memory corruption
12832| [3119] Microsoft Visio 2002 Object memory corruption
12833| [3118] Microsoft Visio 2002 Data memory corruption
12834| [37093] Microsoft Windows Server 2003 Error Message unknown vulnerability
12835| [37010] Microsoft Office 2000 ActiveX Control ouactrl.ocx memory corruption
12836| [36628] Microsoft Word 2000/2002/2003/2004 winword.exe memory corruption
12837| [36616] Microsoft Works 2004/2005/2006 memory corruption
12838| [36621] Microsoft Exchange Server 2000 Integer denial of service
12839| [36620] Microsoft Exchange Server 2000 Outlook Web Access cross site scripting
12840| [36619] Microsoft Exchange Server 2000/2003/2007 MIME Email memory corruption
12841| [36618] Microsoft Exchange Server 2000 NULL Pointer Dereference denial of service
12842| [36617] Microsoft Excel 2000/2002/2003/2004 memory corruption
12843| [36623] Microsoft BizTalk Server 2004 ActiveX Control capicom.dll memory corruption
12844| [3067] Microsoft Office 2000/2003/2004/2007/Xp Drawing Object memory corruption
12845| [3065] Microsoft Excel 2000/2002/2003/2007 Filter Stack-based memory corruption
12846| [3064] Microsoft Excel 2000/2002/2003/2004/2007 set Font memory corruption
12847| [3063] Microsoft Excel 2000/2002/2003/2007 BIFF Record Stack-based memory corruption
12848| [3012] Microsoft Windows 2000/Server 2003 DNS Service Stack-based memory corruption
12849| [36039] Microsoft Content Management Server 2001 memory corruption
12850| [36052] Microsoft Windows 2000 Heap-based memory corruption
12851| [36051] Microsoft Word 2007 file798-1.doc memory corruption
12852| [36050] Microsoft Word 2007 file789-1.doc memory corruption
12853| [36040] Microsoft Content Management Server 2001 cross site scripting
12854| [3004] Microsoft Windows up to 2003/XP URL Parser memory corruption
12855| [36041] Microsoft .NET Framework 2.0.50727.42 cross site scripting
12856| [36002] Microsoft Windows 2000/XP denial of service
12857| [2990] Microsoft Windows 2000/Vista/XP Animated Cursor Stack-based memory corruption
12858| [36515] Microsoft Windows 2000/Server 2003/XP memory corruption
12859| [35846] Microsoft Windows 2000/Server 2003 Default Configuration information disclosure
12860| [35373] Microsoft Excel 2003 denial of service
12861| [35372] Microsoft Office 2003 denial of service
12862| [35206] Microsoft Windows Server 2003/XP Crash denial of service
12863| [35161] Microsoft ISA Server 2004 unknown vulnerability
12864| [35236] Microsoft Publisher 2007 memory corruption
12865| [2939] Microsoft Word 2000 memory corruption
12866| [34994] Microsoft Windows 2000 OLE Dialog memory corruption
12867| [34993] Microsoft Office 2000/2003/Xp memory corruption
12868| [35001] Microsoft Office 2000/2003/2004/Xp memory corruption
12869| [35000] Microsoft Word 2000/2002/2003 memory corruption
12870| [2933] Microsoft Windows 2000 SP4/Server 2003 SP1/XP SP2 OLE Dialog Stack-based memory corruption
12871| [2894] Microsoft Office 2000/2003/2004/Xp Undefined String Format String
12872| [2884] Microsoft Word 2000/2002/2003 memory corruption
12873| [34321] Microsoft Office 2000/2003/2004/Xp Spreadsheet Heap-based memory corruption
12874| [34320] Microsoft Office 2000/2003/2004/Xp memory corruption
12875| [34319] Microsoft Office 2000/2003/2004/Xp memory corruption
12876| [34318] Microsoft Office 2000/2003/2004/Xp memory corruption
12877| [34322] Microsoft Office 2000/2003/Xp memory corruption
12878| [2811] Microsoft Windows 2000/Server 2003/XP VML Vector Markup Language Integer memory corruption
12879| [2810] Microsoft Outlook 2000/2002/2003 Office Saved Search OSS File memory corruption
12880| [2809] Microsoft Outlook 2000/2002/2003 Header denial of service
12881| [2808] Microsoft Outlook 2000/2002/2003 Meeting VEVENT memory corruption
12882| [2807] Microsoft Excel 2000/2002/2003 XLS File memory corruption
12883| [34126] Microsoft Office 2003 memory corruption
12884| [34122] Microsoft Office Web Components 2000 memory corruption
12885| [2789] Microsoft Windows 2000/XP RPC Request NetrWkstaUserEnum denial of service
12886| [2765] Microsoft Project Server 2003 pdsrequest.asp weak authentication
12887| [33851] Microsoft Word 2000/2002/2003 12122006-djtest.doc memory corruption
12888| [2739] Microsoft Windows 2000 Remote Installation Service Fehlende Authentifizierung
12889| [2738] Microsoft Windows 2000/Server 2003/XP SNMP memory corruption
12890| [2737] Microsoft Windows Server 2003/XP Manifest denial of service
12891| [33766] Microsoft Word 2000/2002/2003 memory corruption
12892| [2718] Microsoft Word 2000/2002/2003 DOC Document memory corruption
12893| [2717] Microsoft Windows 2000 Print Spooler Memory Consumption denial of service
12894| [2689] Microsoft Windows up to 2000 SP4 Active Directory denial of service
12895| [2688] Microsoft Windows 2000/Server 2003/XP Client Service for Netware denial of service
12896| [2687] Microsoft Windows 2000/Server 2003/XP Agent ActiveX ACF File Heap-based memory corruption
12897| [2686] Microsoft Windows 2000/Server 2003/XP Client Service for Netware memory corruption
12898| [2684] Microsoft Windows 2000/XP Workstation Service Stack-based memory corruption
12899| [2659] Microsoft Windows 2000/XP GDI Crash memory corruption
12900| [2655] Microsoft Windows 2000/Server 2003/XP XML Core Services memory corruption
12901| [33067] Microsoft Visual Studio .net 2005 ActiveX Control wmiscriptutils.dll memory corruption
12902| [2610] Microsoft PowerPoint 2003 PPT Document NULL Pointer Dereference denial of service
12903| [32693] Microsoft Word 2004 memory corruption
12904| [32686] Microsoft Office 2000/2001/2003/2004 Integer memory corruption
12905| [32690] Microsoft Office 2000/2003/2004/Xp memory corruption
12906| [32676] Microsoft Office 2000/2001/2003/2004 memory corruption
12907| [32675] Microsoft Office 2000/2003/2004/Xp memory corruption
12908| [32694] Microsoft Windows 2000 memory corruption
12909| [32689] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
12910| [32688] Microsoft Excel 2000/2002/2003/2004/XP memory corruption
12911| [32687] Microsoft Word 2000/2002 memory corruption
12912| [32685] Microsoft Office 2000/2001/2003/2004 memory corruption
12913| [2601] Microsoft Windows Server 2003/XP IPv6 Stack denial of service
12914| [2600] Microsoft Windows Server 2003/XP IPv6 Stack TCP denial of service
12915| [2599] Microsoft Windows Server 2003/XP IPv6 Stack ICMP denial of service
12916| [2598] Microsoft Windows Server 2003/XP Object Packager privilege escalation
12917| [2597] Microsoft Office 2003/Xp Smart-Tag Parser memory corruption
12918| [2596] Microsoft Office 2000/2003/2004/Xp Value Read memory corruption
12919| [2595] Microsoft Office 2000/2001/2003/2004 Diagram Value memory corruption
12920| [2594] Microsoft Office 2000/2001/2003/2004 Document memory corruption
12921| [2593] Microsoft ASP.NET 2.0 cross site scripting
12922| [141652] Microsoft Windows up to Server 2019 Common Log File System Driver information disclosure
12923| [141639] Microsoft SharePoint Foundation 2013 SP1 cross site request forgery
12924| [141637] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
12925| [141636] Microsoft ASP.NET Core 2.1/2.2/3.0 Project Template privilege escalation
12926| [141635] Microsoft .NET Core 2.1/2.2 denial of service
12927| [141633] Microsoft Excel up to 2019 memory corruption
12928| [141631] Microsoft Windows up to Server 2019 SMB Client Driver information disclosure
12929| [141630] Microsoft Windows up to Server 2019 denial of service
12930| [141629] Microsoft Windows up to Server 2019 Update Delivery Optimization privilege escalation
12931| [141627] Microsoft Windows up to Server 2019 GDI information disclosure
12932| [141626] Microsoft Windows up to Server 2019 Win32k memory corruption
12933| [141621] Microsoft Windows up to Server 2019 Kernel information disclosure
12934| [141620] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
12935| [141619] Microsoft Windows up to Server 2019 ALPC privilege escalation
12936| [141618] Microsoft Windows up to Server 2019 hdAudio.sys privilege escalation
12937| [141617] Microsoft Windows up to Server 2019 Store Installer privilege escalation
12938| [141616] Microsoft Windows up to Server 2019 ALPC privilege escalation
12939| [141615] Microsoft Windows up to Server 2019 Winlogon privilege escalation
12940| [141614] Microsoft Windows up to Server 2019 Compatibility Appraiser privilege escalation
12941| [141611] Microsoft Office up to 2019 Security Feature privilege escalation
12942| [141610] Microsoft Excel up to 2019 information disclosure
12943| [141609] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
12944| [141608] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site request forgery
12945| [141607] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 privilege escalation
12946| [141606] Microsoft Windows up to Server 2019 Win32k memory corruption
12947| [141605] Microsoft Windows up to Server 2019 Hyper-V information disclosure
12948| [141604] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
12949| [141603] Microsoft Windows up to Server 2019 GDI information disclosure
12950| [141602] Microsoft Windows up to Server 2019 DirectWrite information disclosure
12951| [141601] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12952| [141600] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12953| [141599] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12954| [141598] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12955| [141597] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12956| [141596] Microsoft Windows up to Server 2019 DirectWrite information disclosure
12957| [141595] Microsoft Windows up to Server 2019 DirectWrite information disclosure
12958| [141594] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12959| [141593] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12960| [141592] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12961| [141591] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
12962| [141590] Microsoft Windows up to Server 2019 Text Service Framework command injection
12963| [141589] Microsoft Exchange Server 2016 CU12/2016 CU13/2019 CU1/2019 CU2 denial of service
12964| [141583] Microsoft Lync Server 2013 Conference directory traversal
12965| [141581] Microsoft Windows up to Server 2016 Hyper-V denial of service
12966| [141580] Microsoft Windows up to Server 2019 Transaction Manager information disclosure
12967| [141579] Microsoft Windows up to Server 2016 DirectX information disclosure
12968| [141577] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
12969| [141575] Microsoft Windows up to Server 2019 lnk File privilege escalation
12970| [141564] Microsoft SharePoint Enterprise Server 2010 SP1/2013 SP1/2016/2019 Markup Application Package privilege escalation
12971| [141561] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
12972| [141560] Microsoft Windows up to Server 2019 Remote Desktop privilege escalation
12973| [139972] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
12974| [139971] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
12975| [139970] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
12976| [139969] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
12977| [139968] Microsoft Windows up to Server 2019 HTTP2 HTTP.sys denial of service
12978| [139965] Microsoft Windows up to Server 2019 Kernel information disclosure
12979| [139963] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
12980| [139962] Microsoft Windows up to Server 2019 Remote Desktop Protocol denial of service
12981| [139960] Microsoft Windows up to Server 2019 DHCP Server denial of service
12982| [139958] Microsoft Windows up to Server 2019 DHCP Server denial of service
12983| [139957] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
12984| [139956] Microsoft SharePoint 2010 SP2/2013 SP1/2016/2019 Session Object information disclosure
12985| [139955] Microsoft Windows up to Server 2019 SyncController.dll privilege escalation
12986| [139949] Microsoft Windows up to Server 2019 XmlLite Runtime XmlLite.dll denial of service
12987| [139946] Microsoft Windows up to Server 2019 Core Shell COM Server Registrar COM Call privilege escalation
12988| [139942] Microsoft Windows up to Server 2019 rpcss.dll memory corruption
12989| [139941] Microsoft Windows up to Server 2019 DirectX memory corruption
12990| [139937] Microsoft Windows up to Server 2019 Azure Active Directory information disclosure
12991| [139936] Microsoft Windows up to Server 2019 SymCrypt information disclosure
12992| [139935] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 NTFS privilege escalation
12993| [139934] Microsoft Windows 7 SP1/Server 2018 R2 SP1/Server 2018 SP2 Win32k memory corruption
12994| [139933] Microsoft Windows up to Server 2019 p2pimsvc privilege escalation
12995| [139932] Microsoft Windows up to Server 2019 Kernel memory corruption
12996| [139931] Microsoft Windows up to Server 2019 File Signature Security Feature CAB File privilege escalation
12997| [139930] Microsoft Windows up to Server 2019 ALPC privilege escalation
12998| [139928] Microsoft Windows up to Server 2019 Kernel memory corruption
12999| [139927] Microsoft Windows up to Server 2019 Graphics Component information disclosure
13000| [139926] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
13001| [139925] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
13002| [139924] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
13003| [139922] Microsoft Windows up to Server 2019 Graphics Component information disclosure
13004| [139921] Microsoft Windows up to Server 2019 Graphics Component information disclosure
13005| [139920] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
13006| [139919] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
13007| [139918] Microsoft Windows up to Server 2019 Graphics Component information disclosure
13008| [139917] Microsoft Windows up to Server 2019 Graphics Component information disclosure
13009| [139916] Microsoft Windows up to Server 2019 XML Core Services MSXML Parser privilege escalation
13010| [139914] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
13011| [139913] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
13012| [139912] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Hyper-V Network Switch denial of service
13013| [139911] Microsoft Windows up to Server 2019 denial of service
13014| [139910] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
13015| [139909] Microsoft Windows up to Server 2019 Hyper-V Network Switch denial of service
13016| [139908] Microsoft Windows up to Server 2019 Bluetooth weak encryption
13017| [139907] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
13018| [139906] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
13019| [139902] Microsoft Word up to 2019 memory corruption
13020| [139901] Microsoft Outlook up to 2019 memory corruption
13021| [139895] Microsoft Windows up to Server 2019 lnk File privilege escalation
13022| [139894] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
13023| [139893] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [139892] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [139891] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139890] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139889] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139888] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139887] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139886] Microsoft Windows up to Server 2019 Font Library memory corruption
| [139880] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [139879] Microsoft Windows up to Server 2019 DHCP Client memory corruption
| [139878] Microsoft Windows up to Server 2019 Hyper-V Network Switch memory corruption
| [139877] Microsoft Outlook up to 2019 memory corruption
| [139876] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [139875] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [137590] Microsoft ASP.NET Core 2.1/2.2 Open Redirect
| [137589] Microsoft Exchange Server 2013 CU23/2016 CU12/2016 CU13/2019 CU1/2019 CU2 cross site scripting
| [137588] Microsoft Exchange Server 2010 SP3/2013 CU23/2016 CU12/2016 CU13 Web Services privilege escalation
| [137587] Microsoft SharePoint Server 2013 SP1/2016/2019 cross site scripting
| [137586] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
| [137585] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
| [137584] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137583] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137581] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137580] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137579] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137578] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137577] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137576] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137575] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137574] Microsoft Windows up to Server 2019 DirectWrite memory corruption
| [137568] Microsoft Windows up to Server 2019 Remote Desktop Protocol information disclosure
| [137563] Microsoft Windows up to Server 2019 DirectWrite information disclosure
| [137562] Microsoft Windows up to Server 2019 Win32k information disclosure
| [137561] Microsoft Windows up to Server 2019 GDI information disclosure
| [137560] Microsoft Windows up to Server 2019 GDI information disclosure
| [137559] Microsoft Windows up to Server 2019 DirectWrite information disclosure
| [137555] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [137554] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [137553] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [137549] Microsoft Windows up to Server 2016 DLL privilege escalation
| [137544] Microsoft Windows up to Server 2019 Kernel information disclosure
| [137543] Microsoft Windows up to Server 2019 Kernel information disclosure
| [137542] Microsoft SQL Server 2014 SP2/2016 SP1/2017 privilege escalation
| [137541] Microsoft Windows up to Server 2019 memory corruption
| [137540] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
| [137539] Microsoft Windows up to Server 2016 DirectX memory corruption
| [137538] Microsoft Windows Server 1803/Server 1903/Server 2016/Server 2019 ADFS Security Feature privilege escalation
| [137537] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [137535] Microsoft Windows up to Server 2019 Remote Desktop Service privilege escalation
| [137533] Microsoft Windows up to Server 2019 SymCrypt denial of service
| [137527] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [137512] Microsoft Windows up to Server 2019 DHCP memory corruption
| [136414] Microsoft Azure DevOps Server 2019 cross site request forgery
| [136349] Microsoft Windows up to Server 2019 Event Viewer eventvwr.msc XML External Entity
| [136348] Microsoft Windows up to Server 2019 Task Scheduler privilege escalation
| [136347] Microsoft Windows up to Server 2019 AppXSVC privilege escalation
| [136345] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
| [136344] Microsoft Windows up to Server 2019 GDI information disclosure
| [136340] Microsoft Windows up to Server 2019 GDI information disclosure
| [136337] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
| [136336] Microsoft Windows up to Server 2019 Kernel privilege escalation
| [136335] Microsoft Windows up to Server 2019 NTLM Downgrade weak authentication
| [136334] Microsoft Windows up to Server 2019 Kernel information disclosure
| [136333] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
| [136330] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
| [136329] Microsoft SharePoint Server 2016/2019 cross site scripting
| [136328] Microsoft SharePoint Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
| [136327] Microsoft Lync Server 2010/2013 denial of service
| [136326] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136325] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136324] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136323] Microsoft Windows up to Server 2019 denial of service
| [136321] Microsoft Windows 10 1809/10 1903/Server 1903/Server 2019 Audio Service privilege escalation
| [136320] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136319] Microsoft Windows up to Server 2019 Security Credentials information disclosure
| [136318] Microsoft Windows up to Server 2019 DirectX privilege escalation
| [136317] Microsoft Windows up to Server 2019 Win32k memory corruption
| [136314] Microsoft Windows up to Server 2019 Win32k memory corruption
| [136312] Microsoft Windows up to Server 2019 GDI information disclosure
| [136310] Microsoft Windows up to Server 2019 GDI information disclosure
| [136308] Microsoft Windows up to Server 2019 Audio Service privilege escalation
| [136306] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [136305] Microsoft Windows up to Server 2019 User Profile Service privilege escalation
| [136304] Microsoft Windows up to Server 2019 Common Log File System Driver privilege escalation
| [136303] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [136301] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136299] Microsoft Windows up to Server 2019 Local Security Authority Subsystem Service Reboot denial of service
| [136296] Microsoft Windows up to Server 2019 Common Log File System Driver memory corruption
| [136295] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [136293] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136292] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136291] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136290] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136289] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136288] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [136287] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [136286] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [136285] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [136284] Microsoft Windows up to Server 2019 Kernel memory corruption
| [136276] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [136275] Microsoft Windows 10/10 1607/10 1703/10 1709/Server 2016 Hyper-V memory corruption
| [136274] Microsoft Windows up to Server 2019 ActiveX memory corruption
| [136273] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [134750] Microsoft ASP.NET Core 2.1/2.2 denial of service
| [134745] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [134744] Microsoft Windows up to Server 2019 GDI information disclosure
| [134743] Microsoft SharePoint Server 2013 SP1/2016 cross site scripting
| [134742] Microsoft SharePoint Enterprise Server 2016/2019 cross site scripting
| [134741] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [134740] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
| [134739] Microsoft SharePoint Foundation 2010 SP2/2013 SP2 cross site scripting
| [134738] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [134737] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [134736] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
| [134735] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [134734] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [134733] Microsoft Windows up to Server 2019 Unified Write Filter privilege escalation
| [134731] Microsoft Windows up to Server 2019 Symlink privilege escalation
| [134729] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [134725] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134724] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134723] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134722] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134721] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134720] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134719] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134718] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134717] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134716] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134715] Microsoft Windows up to Server 2019 Win32k memory corruption
| [134714] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134713] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134712] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [134710] Microsoft Windows up to Server 2019 GDI information disclosure
| [134709] Microsoft Windows up to Server 2019 Kernel privilege escalation
| [134706] Microsoft Windows up to Server 2019 Error Reporting privilege escalation
| [134701] Microsoft Windows up to Server 2019 Windows Defender Application Control privilege escalation
| [134700] Microsoft Windows up to Server 2019 Diagnostic Hub privilege escalation
| [134699] Microsoft Windows up to Server 2019 NDIS ndis.sys memory corruption
| [134698] Microsoft Windows up to Server 2019 OLE memory corruption
| [134684] Microsoft Windows up to Server 2019 DHCP Server memory corruption
| [134678] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [133236] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133234] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133232] Microsoft Azure DevOps Server 2019 cross site scripting
| [133229] Microsoft Azure DevOps Server 2019 cross site scripting
| [133224] Microsoft Exchange Server 2013 CU22/2016 CU11/2016 CU12/2019/2019 CU1 Outlook Web Access privilege escalation
| [133223] Microsoft Azure DevOps Server 2019 Content Security Policy privilege escalation
| [133222] Microsoft Windows up to Server 2019 Remote Registry Service memory corruption
| [133221] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133220] Microsoft Windows up to Server 2019 GDI Memory information disclosure
| [133219] Microsoft Windows up to Server 2019 Win32k Memory information disclosure
| [133218] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133217] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [133216] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
| [133215] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [133214] Microsoft Windows up to Server 2019 AppX Deployment Service privilege escalation
| [133213] Microsoft Windows up to Server 2019 Kernel Memory information disclosure
| [133212] Microsoft Windows up to Server 2019 Terminal Services Memory information disclosure
| [133211] Microsoft Windows up to Server 2019 Task Scheduler information disclosure
| [133209] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133206] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016/2019 cross site scripting
| [133205] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [133204] Microsoft Office/Excel up to 2019 memory corruption
| [133203] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133202] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133201] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133200] Microsoft Office up to 2019 Access Connectivity Engine memory corruption
| [133199] Microsoft Office 2010 SP2 Access Connectivity Engine memory corruption
| [133198] Microsoft Exchange Server up to 2019 CU1 Outlook Web Access cross site scripting
| [133197] Microsoft ASP.NET Core 2.2 Request denial of service
| [133196] Microsoft Windows up to Server 2019 Win32k information disclosure
| [133195] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133194] Microsoft Windows up to Server 2019 GDI Memory information disclosure
| [133193] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133192] Microsoft Windows up to Server 2019 OLE Automation privilege escalation
| [133189] Microsoft Windows up to Server 2019 CSRSS memory corruption
| [133188] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133187] Microsoft Windows up to Server 2019 LUAFV Driver luafv.sys privilege escalation
| [133186] Microsoft Windows up to Server 2019 TCP/IP Stack Fragmented IP Packet information disclosure
| [133185] Microsoft Windows up to Server 2019 Win32k memory corruption
| [133183] Microsoft Windows up to Server 2019 Win32k memory corruption
| [133182] Microsoft Windows up to Server 2019 Win32k memory corruption
| [133181] Microsoft Office/Excel/PowerPoint up to 2019 URL Document Code Execution
| [133180] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133179] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133177] Microsoft Windows up to Server 2019 Device Guard luafv.sys privilege escalation
| [133174] Microsoft Windows up to Server 2019 GDI+ privilege escalation
| [133173] Microsoft Windows up to Server 2019 IOleCvt Interface privilege escalation
| [133166] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133165] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133164] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133163] Microsoft Windows up to Server 2019 MS XML Code Execution
| [133162] Microsoft Windows up to Server 2019 MS XML Code Execution
| [131687] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 3.2/2018 Updated 1.2 cross site scripting
| [131685] Microsoft Windows up to Server 2019 SMB information disclosure
| [131684] Microsoft Visual Studio 2017 Version 15.9 C++ Redistributable Installer privilege escalation
| [131681] Microsoft Windows up to Server 2019 Win32k memory corruption
| [131679] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131675] Microsoft SharePoint 2013 SP1/2016 cross site scripting
| [131674] Microsoft Windows up to Server 2019 Win32k information disclosure
| [131673] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131672] Microsoft Windows up to Server 2019 GDI information disclosure
| [131671] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [131668] Microsoft Windows up to Server 2019 AppX Deployment Server privilege escalation
| [131667] Microsoft Windows up to Server 2019 Comctl32.dll memory corruption
| [131663] Microsoft Windows up to Server 2019 Print Spooler information disclosure
| [131658] Microsoft Windows up to Server 2019 information disclosure
| [131657] Microsoft Windows up to Server 2019 denial of service
| [131656] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
| [131653] Microsoft Windows up to Server 2019 SMB information disclosure
| [131652] Microsoft Windows up to Server 2019 SMB information disclosure
| [131651] Microsoft Windows up to Server 2019 Kernel information disclosure
| [131650] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V denial of service
| [131649] Microsoft Windows up to Server 2019 Kernel memory corruption
| [131648] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [131644] Microsoft Windows up to Server 2019 Hyper-V denial of service
| [131638] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [131632] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131631] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131630] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DHCP Client memory corruption
| [131629] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
| [131628] Microsoft Windows up to Server 2019 ActiveX memory corruption
| [131619] Microsoft Windows up to Server 2019 MS XML privilege escalation
| [131334] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [131333] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [131328] Microsoft Windows up to Server 2016 Kernel information disclosure
| [130832] Microsoft 2013 SP1 spoofing
| [130828] Microsoft Exchange Server 2010 SP3/2013 CU22/2016 CU12/2019 CU1 EWS privilege escalation
| [130826] Microsoft Office 2010 SP2 Connectivity Engine memory corruption
| [130825] Microsoft Office up to 2019 Connectivity Engine memory corruption
| [130824] Microsoft Office up to 2019 Connectivity Engine memory corruption
| [130823] Microsoft Office up to 2019 Connectivity Engine privilege escalation
| [130822] Microsoft Office up to 2019 Connectivity Engine privilege escalation
| [130821] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [130820] Microsoft Windows up to Server 2012 R2 GDI information disclosure
| [130818] Microsoft Windows up to Server 2019 GDI information disclosure
| [130817] Microsoft Windows up to Server 2019 Storage Service privilege escalation
| [130814] Microsoft Windows up to Server 2019 privilege escalation
| [130809] Microsoft Windows up to Server 2019 Defender Firewall Security privilege escalation
| [130808] Microsoft Windows up to Server 2019 information disclosure
| [130807] Microsoft Windows up to Server 2019 Hyper-V information disclosure
| [130806] Microsoft Windows up to Server 2019 SMB privilege escalation
| [130805] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130804] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130803] Microsoft Windows up to Server 2019 SMB privilege escalation
| [130802] Microsoft Windows up to Server 2019 Win32k information disclosure
| [130801] Microsoft Windows up to Server 2019 Device Guard privilege escalation
| [130800] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130799] Microsoft Windows up to Server 2016 Win32k memory corruption
| [130798] Microsoft Windows up to Server 2019 GDI information disclosure
| [130797] Microsoft Windows up to Server 2019 GDI information disclosure
| [130796] Microsoft Windows up to Server 2019 GDI information disclosure
| [130793] Microsoft Windows up to Server 2019 GDI information disclosure
| [130792] Microsoft Windows up to Server 2019 HID information disclosure
| [130791] Microsoft Windows up to Server 2019 HID information disclosure
| [130790] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130789] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130788] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130787] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130786] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [130784] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [130782] Microsoft Windows up to Server 2019 DHCP Server memory corruption
| [130781] Microsoft Windows up to Server 2019 GDI+ memory corruption
| [129847] Microsoft Team Foundation Server 2017 Update 3.1/2018 Update 1.2/2018 Update 3.2 information disclosure
| [129846] Microsoft Team Foundation Server 2018 Update 3.2 cross site scripting
| [129845] Microsoft Skype for Business 2015 CU 8 Request cross site scripting
| [128765] Microsoft Visual Studio 2017 Version 15.9 C++ Construct privilege escalation
| [128764] Microsoft Exchange Server 2010 SP3/2013 CU21/2016 CU10/2016 CU11/2019 PowerShell API information disclosure
| [128761] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128760] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128759] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128758] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128757] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128756] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128755] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128754] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128753] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128752] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [128751] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128750] Microsoft Windows up to Server 2019 Runtime privilege escalation
| [128749] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128747] Microsoft ASP.NET Core 2.1 Web Request denial of service
| [128746] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [128745] Microsoft Office up to 2019 Word Macro information disclosure
| [128742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [128741] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [128740] Microsoft SharePoint Enterprise Server 2013 SP1 cross site scripting
| [128739] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128738] Microsoft Windows up to Server 2019 Subsystem for Linux information disclosure
| [128737] Microsoft Windows up to Server 2019 COM Desktop Broker privilege escalation
| [128736] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128735] Microsoft ASP.NET Core 2.1/2.2 Web Request denial of service
| [128733] Microsoft Windows up to Server 2019 Authentication Request privilege escalation
| [128729] Microsoft Visual Studio 2010 SP1/2012 Update 5 vscontent File information disclosure
| [128728] Microsoft Windows up to Server 2019 Kernel information disclosure
| [128727] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128726] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128725] Microsoft Windows up to Server 2019 Data Sharing Service privilege escalation
| [128718] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [128717] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Hyper-V memory corruption
| [127925] Microsoft SharePoint Enterprise Server 2016 Web Request cross site scripting
| [127882] Microsoft Dynamics NAV 2016/2017 Web Request cross site scripting
| [127881] Microsoft Windows 10 1809/Server 2019 Object denial of service
| [127880] Microsoft Windows up to Server 2019 Win32k Object memory corruption
| [127828] Microsoft Windows up to Server 2019 Win32k memory corruption
| [127827] Microsoft Windows 10 1809/Server 2019 DirectX information disclosure
| [127826] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 Win32k ASLR privilege escalation
| [127825] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 privilege escalation
| [127824] Microsoft Excel up to 2019 Out-of-Bounds memory corruption
| [127823] Microsoft Windows up to Server 2012 R2 Kernel information disclosure
| [127821] Microsoft Windows up to Server 2019 Connected User Experiences and Telemetry Service denial of service
| [127820] Microsoft Windows up to Server 2019 Kernel memory corruption
| [127819] Microsoft Exchange Server 2016 CU10/2016 CU11 Profile Data privilege escalation
| [127817] Microsoft Excel up to 2019 information disclosure
| [127816] Microsoft Windows up to Server 2019 GDI information disclosure
| [127815] Microsoft Windows up to Server 2019 GDI information disclosure
| [127814] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 Search cross site request forgery
| [127812] Microsoft Windows up to Server 2019 Remote Procedure Call information disclosure
| [127806] Microsoft Outlook up to 2019 memory corruption
| [127805] Microsoft Excel up to 2019 memory corruption
| [127804] Microsoft Excel up to 2019 memory corruption
| [127803] Microsoft Windows up to Server 2019 Text-To-Speech memory corruption
| [127801] Microsoft Windows up to Server 2019 DNS Server privilege escalation
| [126938] Microsoft Team Foundation Server 2018 Update 1.1/2018 Update 3 Code Execution
| [126755] Microsoft .NET Core 2.1 privilege escalation
| [126754] Microsoft Skype for Business/Lync Server 2013 SP1/2016 Emoji denial of service
| [126750] Microsoft Windows up to Server 2019 ALPC privilege escalation
| [126749] Microsoft Exchange Server 2010/2013/2016/2019 privilege escalation
| [126747] Microsoft SharePoint Enterprise Server 2013 SP1 Folder information disclosure
| [126746] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126745] Microsoft Project 2010 SP2/2013 SP1/2016 memory corruption
| [126744] Microsoft Office up to 2019 Word memory corruption
| [126743] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [126742] Microsoft SharePoint Enterprise Server 2013 SP1/2016/2019 cross site scripting
| [126739] Microsoft Windows up to Server 2012 R2 Win32k information disclosure
| [126737] Microsoft Windows up to Server 2012 R2 DirectX information disclosure
| [126736] Microsoft Windows up to Server 2019 Win32k memory corruption
| [126735] Microsoft Windows up to Server 2019 DirectX privilege escalation
| [126733] Microsoft Windows 10 1803/10 1809/Server 1803/Server 2019 DirectX memory corruption
| [126730] Microsoft Windows up to Server 2019 Active Directory Federation Services cross site scripting
| [126728] Microsoft Office/SharePoint 2010 SP2 Word memory corruption
| [126727] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126726] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [126725] Microsoft Windows up to Server 2019 DirectX memory corruption
| [126722] Microsoft Windows up to Server 2019 PowerShell privilege escalation
| [126718] Microsoft Windows up to Server 2016 Search memory corruption
| [126717] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 memory corruption
| [126716] Microsoft Office up to 2019 Excel memory corruption
| [126714] Microsoft Windows up to Server 2019 PowerShell unknown vulnerability
| [126713] Microsoft Windows up to Server 2019 VBScript Engine memory corruption
| [126712] Microsoft Windows up to Server 2016 Graphics Component memory corruption
| [126711] Microsoft Windows up to Server 2019 Deployment Services TFTP Server memory corruption
| [125123] Microsoft Windows up to Server 2019 Codecs Library information disclosure
| [125122] Microsoft Windows up to Server 2016 TCP/IP information disclosure
| [125121] Microsoft Windows up to Server 2019 DirectX memory corruption
| [125120] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
| [125119] Microsoft Windows up to Server 2019 Windows Media Player information disclosure
| [125116] Microsoft Exchange Server 2013 CU21/2016 CU10 privilege escalation
| [125115] Microsoft Windows up to Server 2019 Theme API privilege escalation
| [125114] Microsoft Windows up to Server 2019 Windows Shell privilege escalation
| [125113] Microsoft Windows up to Server 2019 Kernel memory corruption
| [125111] Microsoft Windows up to Server 2019 Device Guard Code Integrity Policy privilege escalation
| [125110] Microsoft Windows up to Server 2019 DNS Global Blocklist privilege escalation
| [125109] Microsoft Windows up to Server 2019 NTFS privilege escalation
| [125108] Microsoft Windows up to Server 2019 Filter Manager memory corruption
| [125107] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [125104] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [125102] Microsoft Office/Word 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125100] Microsoft Office/PowerPoint 2010 SP2/2013 RT SP1/2013 SP1/2016/2019 Protected View memory corruption
| [125099] Microsoft Office/Excel up to 2019 Protected View memory corruption
| [125098] Microsoft Windows up to Server 2019 JET Database Engine privilege escalation
| [125097] Microsoft Windows up to Server 2019 DirectX Graphics memory corruption
| [125096] Microsoft Windows up to Server 2019 Win32k memory corruption
| [125095] Microsoft Exchange Server 2013 CU21/2016 CU10 Outlook Web Access cross site scripting
| [125093] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125092] Microsoft Windows up to Server 2019 Hyper-V memory corruption
| [125091] Microsoft Windows up to Server 2019 MS XML privilege escalation
| [124371] Microsoft Exchange Server up to 2010 SP3 Outlook Web Access /owa/auth/logon.aspx Parameter Server-Side Request Forgery
| [124217] Microsoft Windows Server 2012/Server 2016 Active Directory Federation Services /adfs/ls Server-Side Request Forgery
| [123995] Microsoft Lync 2011 on Mac Security Feature Messages Download privilege escalation
| [123881] Microsoft Windows up to Server 2016 Sandbox privilege escalation
| [123874] Microsoft Windows up to Server 2016 Kernel information disclosure
| [123872] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 SMB information disclosure
| [123868] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [123864] Microsoft Windows up to Server 2016 Hyper-V information disclosure
| [123862] Microsoft SharePoint Enterprise Server 2010 SP2/2013 RT SP1/2013 SP1/2016 cross site scripting
| [123861] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [123860] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [123859] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [123851] Microsoft Windows up to Server 2016 ALPC privilege escalation
| [123849] Microsoft Windows up to Server 2016 SMB denial of service
| [123846] Microsoft Office 2016 on Win/Mac memory corruption
| [123844] Microsoft Word 2013 RT SP1/2013 SP1/2016 PDF File memory corruption
| [123843] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [123842] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [123830] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [123828] Microsoft Windows up to Server 2016 Win32k Graphics privilege escalation
| [123827] Microsoft Windows up to Server 2016 Image memory corruption
| [123825] Microsoft Windows up to Server 2016 MSXML Parser privilege escalation
| [123823] Microsoft Windows up to Server 2016 Hyper-V privilege escalation
| [122887] Microsoft Office 2016 on Mac AutoUpdate memory corruption
| [122886] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122885] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122884] Microsoft Windows up to Server 2016 Win32k memory corruption
| [122883] Microsoft Windows up to Server 2016 DirectX Graphics memory corruption
| [122875] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [122874] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [122873] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [122871] Microsoft PowerPoint 2010 SP2 memory corruption
| [122870] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [122861] Microsoft Windows up to Server 2016 Microsoft COM for Windows privilege escalation
| [122850] Microsoft Visual Studio 2015 Update 3/2017/2017 Version 15.8 Diagnostic Hub privilege escalation
| [122849] Microsoft Windows up to Server 2016 Diagnostic Hub privilege escalation
| [122848] Microsoft Windows Security Feature 2FA weak authentication
| [122834] Microsoft Windows up to Server 2016 LNK memory corruption
| [122825] Microsoft Windows up to Server 2016 Graphics memory corruption
13441| [122825] Microsoft Windows up to Server 2016 Graphics memory corruption
13442| [122823] Microsoft SQL Server 2016 SP1/2016 SP2/2017 memory corruption
13443| [121208] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R Attachment privilege escalation
13444| [121118] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
13445| [121116] Microsoft Windows up to Server 2016 Sandbox privilege escalation
13446| [121114] Microsoft Access 2013 SP1/2016/2016 C2R memory corruption
13447| [121111] Microsoft Windows up to Server 2016 Kernel memory corruption
13448| [121110] Microsoft Windows up to Server 2016 Wordpad privilege escalation
13449| [121107] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll denial of service
13450| [121106] Microsoft SharePoint Enterprise Server 2013 SP1/2016 privilege escalation
13451| [121105] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
13452| [121098] Microsoft Office 2016/2016 C2R memory corruption
13453| [121092] Microsoft Windows up to Server 2016 FTP Server denial of service
13454| [121090] Microsoft Visual Studio up to 2017 Version 15.8 Preview privilege escalation
13455| [119479] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [119477] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 information disclosure
| [119476] Microsoft Publisher 2010 SP2 OLE Object PUB File privilege escalation
| [119475] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Attachment privilege escalation
| [119474] Microsoft Windows up to Server 2016 GDI information disclosure
| [119470] Microsoft Windows up to Server 2016 HTTP HTTP.sys denial of service
| [119468] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119467] Microsoft Windows up to Server 2016 Hypervisor privilege escalation
| [119465] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119464] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119463] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119461] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119460] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119459] Microsoft Windows up to Server 2016 memory corruption
| [119457] Microsoft Windows up to Server 2016 Desktop Bridge privilege escalation
| [119456] Microsoft Windows up to Server 2016 Kernel information disclosure
| [119455] Microsoft Windows up to Server 2016 denial of service
| [119454] Microsoft Windows up to Server 2016 Device Guard Code Integrity Policy privilege escalation
| [119452] Microsoft Windows up to Server 2016 HIDParser memory corruption
| [119448] Microsoft Windows up to Server 2016 Code Integrity Module denial of service
| [119447] Microsoft Windows up to Server 2016 NTFS privilege escalation
| [119441] Microsoft Windows up to Server 2016 Media Foundation memory corruption
| [119437] Microsoft Windows up to Server 2016 HTTP Protocol Stack Http.sys memory corruption
| [119436] Microsoft Windows up to Server 2016 memory corruption
| [119431] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [118120] Microsoft Office 2016 on Mac XML Data Code Execution
| [117561] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1 Web Request cross site scripting
| [117560] Microsoft Exchange Server up to 2016 CU9 Code Execution memory corruption
| [117559] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access Web Request cross site scripting
| [117558] Microsoft Windows up to Server 2016 Code Execution memory corruption
| [117507] Microsoft Infopath 2013 SP1 memory corruption
| [117505] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R information disclosure
| [117504] Microsoft Office 2010 SP2 information disclosure
| [117503] Microsoft Exchange Server 2013 CU19/2013 CU20/2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117502] Microsoft SharePoint Enterprise Server 2010 SP2/2013 SP1/2016 cross site scripting
| [117501] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [117500] Microsoft Exchange Server 2016 CU8/2016 CU9 Outlook Web Access cross site scripting
| [117499] Microsoft Exchange Server up to 2016 CU9 information disclosure
| [117498] Microsoft Office 2016 C2R Security Feature privilege escalation
| [117497] Microsoft SharePoint Enterprise Server 2010/2013 SP1/2016 cross site scripting
| [117480] Microsoft Windows up to Server 2016 COM Serialized privilege escalation
| [117473] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117472] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117471] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117470] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117469] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117468] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [117444] Microsoft Windows up to Server 2016 Hyper-V vSMB memory corruption
| [117443] Microsoft Windows up to Server 2016 Hyper-V memory corruption
| [117442] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [116132] Microsoft Office 2016 Memory information disclosure
| [116051] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [116050] Microsoft SharePoint Enterprise Server 2010 SP2/2013/2016 cross site scripting
| [116049] Microsoft SharePoint Enterprise Server 2013/2016 privilege escalation
| [116048] Microsoft Windows up to Server 2016 DirectX Graphics Kernel Subsystem memory corruption
| [116047] Microsoft Windows up to Server 2016 OpenType Font Driver atmfd.dll memory corruption
| [116046] Microsoft SharePoint Enterprise Server 2013/2016 Share cross site scripting
| [116045] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [116039] Microsoft Windows up to Server 2016 Remote Desktop Protocol denial of service
| [116031] Microsoft Windows up to Server 2016 Kernel ASLR information disclosure
| [116030] Microsoft Windows up to Server 2016 SNMP Service denial of service
| [116026] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116024] Microsoft Windows up to Server 2016 HTTP.sys denial of service
| [116023] Microsoft Office up to 2016 C2R information disclosure
| [116022] Microsoft Excel 2010 SP2 memory corruption
| [116020] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Active Directory privilege escalation
| [116019] Microsoft Windows up to Server 2016 Kernel information disclosure
| [116018] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [116017] Microsoft Excel up to 2016 C2R memory corruption
| [116016] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Graphics memory corruption
| [116014] Microsoft Office 2013 RT SP1/2013 SP1/2016/2016 C2R memory corruption
| [116013] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1 memory corruption
| [116008] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116007] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116006] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116005] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116004] Microsoft Windows up to Server 2016 Graphics memory corruption
| [116003] Microsoft Windows up to Server 2016 VBScript Engine memory corruption
| [115994] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [115804] Microsoft Windows up to Server 2016 Malware Protection Engine privilege escalation
| [114579] Microsoft Exchange Server up to 2017 CU8 Outlook Web Access information disclosure
| [114574] Microsoft SharePoint Enterprise Server 2016 privilege escalation
| [114573] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114571] Microsoft Exchange Server 2016 CU7/2016 CU8 Outlook Web Access information disclosure
| [114570] Microsoft Exchange Server 2010 SP3/2013 CU18/2013 CU19/2016 CU7/2016 CU8 Outlook Web Access Fake privilege escalation
| [114565] Microsoft Windows 10 1607/10 1703/10 1709/Server 1709/Server 2016 Kernel information disclosure
| [114564] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [114562] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114560] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114559] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114558] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114557] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114556] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114555] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114554] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114553] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114552] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [114551] Microsoft Excel up to 2016 C2R Security Feature privilege escalation
| [114549] Microsoft Access 2010 SP2/2013 SP1/2016 memory corruption
| [114548] Microsoft Windows up to Server 2016 CNG Security Feature cng.sys privilege escalation
| [114547] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114546] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114545] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114544] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114543] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114542] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114541] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114540] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114536] Microsoft Windows up to Server 2016 CredSSP privilege escalation
| [114535] Microsoft Windows up to Server 2016 Hyper-V denial of service
| [114531] Microsoft Windows up to Server 2016 Windows Installer privilege escalation
| [114530] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114529] Microsoft Windows up to Server 2016 GDI privilege escalation
| [114527] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114526] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114525] Microsoft Windows up to Server 2016 Kernel information disclosure
| [114522] Microsoft Windows 10 1607/10 1703/Server 2016 Desktop Bridge privilege escalation
| [114521] Microsoft Windows up to Server 2016 Video Control privilege escalation
| [114520] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge privilege escalation
| [114518] Microsoft Windows up to Server 2016 Remote Assistance information disclosure
| [114517] Microsoft Windows 10/Server 1709/Server 2016 Desktop Bridge VFS privilege escalation
| [114516] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
| [113835] Microsoft Identity Manager 2016 SP1 cross site scripting
| [113264] Microsoft Windows 8.1/RT 8.1/Server 2012 R2 SMBv2/SMBv3 denial of service
| [113260] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113259] Microsoft Windows 10/Server 1709/Server 2016 NTFS privilege escalation
| [113254] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113253] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
| [113252] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113250] Microsoft Windows 10/Server 1709/Server 2016 Kernel memory corruption
| [113249] Microsoft Windows up to Server 2016 Kernel memory corruption
| [113248] Microsoft Windows up to Server 2016 Kernel information disclosure
| [113243] Microsoft Windows 10/Server 2016 MultiPoint Management privilege escalation
| [113242] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113241] Microsoft Windows up to Server 2016 Common Log File System Driver memory corruption
| [113240] Microsoft Windows 10/Server 1709/Server 2016 AppContainer privilege escalation
| [113237] Microsoft SharePoint Enterprise Server 2016 cross site scripting
| [113236] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [113233] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Uninitialized Memory information disclosure
| [113232] Microsoft Excel 2016 memory corruption
| [113230] Microsoft Windows up to Server 2016 Scripting Engine information disclosure
| [113229] Microsoft Windows up to Server 2016 StructuredQuery memory corruption
| [111580] Microsoft Office 2016 on Mac Email Attachment spoofing
| [111571] Microsoft SharePoint Enterprise Server 2013/2016 Access cross site scripting
| [111567] Microsoft Office 2010/2013/2016 memory corruption
| [111564] Microsoft Word 2016 memory corruption
| [111562] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [111561] Microsoft SharePoint Server 2010/2013/2016 Web Request cross site scripting
| [128730] Microsoft Windows up to Server 2019 JET Database Engine memory corruption
| [111358] Microsoft Windows up to Server 2016 IPsec denial of service
| [110553] Microsoft Office 2016 C2R information disclosure
| [110552] Microsoft SharePoint Enterprise Server 2016 Web Request privilege escalation
| [110551] Microsoft Excel 2016 C2R memory corruption
| [110550] Microsoft PowerPoint 2013 RT SP1/2013 SP1/2016 information disclosure
| [110549] Microsoft Exchange Server 2016 CU6/2016 CU7 Outlook Web Access privilege escalation
| [110547] Microsoft Windows up to Server 2016 its:// Protocol information disclosure
| [110531] Microsoft Windows 10/Server 2016 Device Guard privilege escalation
| [110522] Microsoft Windows up to Server 2016 RRAS privilege escalation
| [110350] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [110318] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [109391] Microsoft SharePoint Enterprise Server 2016 Project Server cross site request forgery
| [109389] Microsoft Excel 2016 Click-to-Run memory corruption
| [109360] Microsoft Windows up to Server 2016 Windows Search denial of service
| [107759] Microsoft Windows up to Server 2016 SMB denial of service
| [107757] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107756] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [107753] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107744] Microsoft Windows up to Server 2016 DNSAPI DNSAPI.dll DNS Response privilege escalation
| [107741] Microsoft Outlook 2016 Secure Connection Mail information disclosure
| [107740] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107739] Microsoft Windows up to Server 2016 Graphics memory corruption
| [107738] Microsoft Windows up to Server 2016 Search information disclosure
| [107734] Microsoft Windows 10/Server 2016 SMB privilege escalation
| [107732] Microsoft Outlook 2010 SP2/2013 RT SP1/2013 SP1/2016 Bypass privilege escalation
| [107730] Microsoft Windows up to Server 2016 Search Remote memory corruption
| [107729] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107728] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107727] Microsoft SharePoint Enterprise Server 2013 SP1/2016 cross site scripting
| [107724] Microsoft Windows up to Server 2016 Text Services Framework memory corruption
| [107723] Microsoft Windows up to Server 2016 SMB information disclosure
| [107698] Microsoft Office 2016 memory corruption
| [107593] InFocus Mondopad 2.2.08 Excel Spreadsheet Microsoft Office Document Credentials information disclosure
| [106544] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
| [106531] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [106529] Microsoft PowerPoint 2016 memory corruption
| [106523] Microsoft Windows up to Server 2016 PDF Library memory corruption
| [106518] Microsoft Edge on Win10/Server 2016 memory corruption
| [106516] Microsoft Windows up to Server 2016 PDF Library memory corruption
| [106498] Microsoft Windows up to Server 2016 Shell privilege escalation
| [106496] Microsoft Windows up to Server 2016 Uniscribe information disclosure
| [106495] Microsoft Windows up to Server 2012 R2 Uniscribe memory corruption
| [106492] Microsoft Windows Server 2012/Server 2012 R2/Server 2016 DHCP Service memory corruption
| [106489] Microsoft Windows up to Server 2016 Graphics Win32k win32k!fsc_CalcGrayRow memory corruption
| [106474] Microsoft Office 2016 memory corruption
| [106473] Microsoft SharePoint Server 2013 SP1 cross site scripting
| [106472] Microsoft Windows up to Server 2016 Bluetooth Driver Object BlueBorne spoofing
| [106470] Microsoft Excel 2011 on Mac memory corruption
| [106455] Microsoft Exchange Server 2013/2016 information disclosure
| [106454] Microsoft Windows up to Server 2016 Windows NetBT Session Services race condition memory corruption
| [105048] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105047] Microsoft Edge on Win10/Server 2016 Scripting Engine EntryCall memory corruption
| [105046] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105040] Microsoft Edge on Win10/Server 2016 Scripting Engine memory corruption
| [105038] Microsoft Edge on Win10/Server 2016 Javascript Engine Out-of-Bounds memory corruption
| [105037] Microsoft Edge on Win10/Server 2016 Javascript Engine PreVisitCatch memory corruption
| [105035] Microsoft SharePoint Server 2010 SP2 cross site scripting
| [105033] Microsoft Edge 38.14393.1066.0 on Win10/Server 2016 Use-After-Free information disclosure
| [105029] Microsoft Edge on Win10/Server 2016 Javascript Engine ProcessLinkFailedAsmJsModule memory corruption
| [105027] Microsoft Edge on Win10/Server 2016 _SelectValueInternal information disclosure
| [105024] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105023] Microsoft Edge on Win10/Server 2016 Javascript Engine memory corruption
| [105017] Microsoft Windows up to Server 2016 Error Reporting information disclosure
| [105013] Microsoft Windows 10 1607/10 1703/Server 2016 Hyper-V denial of service
| [105011] Microsoft Windows up to Server 2016 Windows Search memory corruption
| [105010] Microsoft Windows up to Server 2016 Win32k memory corruption
| [105009] Microsoft Windows up to Server 2016 Input Method Editor memory corruption
| [105008] Microsoft SQL Server 2012/2014/2016 Analysis Services information disclosure
| [104990] Microsoft Windows up to Server 2016 JET Database Engine memory corruption
| [104989] Microsoft Windows up to Server 2016 NetBIOS denial of service
| [104584] Microsoft Outlook up to 2016 C2R Document File privilege escalation
| [104583] Microsoft Outlook up to 2016 C2R Email memory corruption
| [104582] Microsoft Outlook up to 2016 C2R Object memory corruption
| [103468] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 Open Redirect
| [103446] Microsoft Windows up to Server 2016 Search Object privilege escalation
| [103445] Microsoft Windows up to Server 2016 Wordpad privilege escalation
| [103444] Microsoft Windows up to Server 2016 Explorer denial of service
| [103442] Microsoft Windows 10/Server 2016 HoloLens WiFi Packet privilege escalation
| [103441] Microsoft Windows up to Server 2016 Object HTTP.sys information disclosure
| [103431] Microsoft Windows up to Server 2016 PowerShell PSObject Object privilege escalation
| [103429] Microsoft Windows up to Server 2016 Kerberos weak authentication
| [103426] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
| [103425] Microsoft Exchange Server 2010 SP3/2013 CU16/2013 SP3/2016 CU5 OWA Request cross site scripting
| [103420] Microsoft Windows up to Server 2016 Kerberos Bypass privilege escalation
| [103417] Microsoft Windows up to Server 2016 Windows Shell privilege escalation
| [102544] Microsoft Edge on Win10/Server 2016 Fetch API information disclosure
| [102543] Microsoft Edge on Win10/Server 2016 Javascript XML DOM Object information disclosure
| [102463] Microsoft Project Server 2013 SP1 cross site scripting
| [102460] Microsoft Outlook 2016 on Mac HTML spoofing
| [102448] Microsoft SharePoint Enterprise Server 2016 Reflected cross site scripting
| [102446] Microsoft Office up to 2016 privilege escalation
| [102445] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 privilege escalation
| [102443] Microsoft Office up to 2016 privilege escalation
| [102412] Microsoft Windows up to Server 2016 PDF information disclosure
| [102397] Microsoft Outlook 2010 SP1/2013 SP1/2016 DLL Loader privilege escalation
| [102396] Microsoft Office 2013 SP1/2016 DLL Loader privilege escalation
| [102386] Microsoft Windows up to Server 2012 R2 Uniscribe privilege escalation
| [102385] Microsoft Windows up to Server 2016 Font Library privilege escalation
| [102376] Microsoft Windows up to Server 2016 CAB File privilege escalation
| [102375] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
| [102374] Microsoft Windows up to Server 2016 PDF Parser privilege escalation
| [102373] Microsoft Windows up to Server 2016 Uniscribe Font USP10!MergeLigRecords memory corruption
| [101817] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101816] Microsoft Windows up to Server 2016 Malware Protection Engine setCaller memory corruption
| [101815] Microsoft Windows up to Server 2016 Malware Protection Engine Use-After-Free memory corruption
| [101814] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101813] Microsoft Windows up to Server 2016 Malware Protection Engine memory corruption
| [101812] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101811] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101810] Microsoft Windows up to Server 2016 Malware Protection Engine denial of service
| [101028] Microsoft Windows 10/Server 2016 Hyper-V vSMB privilege escalation
| [101020] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [101019] Microsoft Skype for Business 2016 memory corruption
| [101018] Microsoft SharePoint 2010 SP2/2013 SP1/2016 memory corruption
| [101016] Microsoft PowerPoint 2011 on Mac memory corruption
| [101015] Microsoft PowerPoint 2011 on Mac memory corruption
| [101014] Microsoft Office 2010 SP2/2016 memory corruption
| [101013] Microsoft Office 2010 SP2/2016 memory corruption
| [101002] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [101001] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [101000] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [100999] Microsoft Windows up to Server 2016 SMBv1 Server memory corruption
| [100918] Microsoft Windows 8/8.1/10/Server 2012/Server 2016 Malware Protection Service Type Confusion privilege escalation
| [99697] Microsoft SharePoint Server 2010 SP1/2010 SP2 Excel Services cross site scripting
| [99683] Microsoft Windows 10 1607/10 1703/Server 2012 R2/Server 2016 Active Directory Lockout privilege escalation
| [99682] Microsoft Outlook 2011 on Mac HTML Tag Validator spoofing
| [99681] Microsoft Windows up to Server 2016 OLE Integrity-Level Check privilege escalation
| [99667] Microsoft Windows 10/Server 2016 Active Directory Service Unresponsive denial of service
| [98272] Microsoft Windows up to 10/Server 2016 Local Session privilege escalation
| [98096] Microsoft Exchange 2013 SP1 privilege escalation
| [98095] Microsoft Lync for Mac 2011 Certificate Validation weak authentication
| [98094] Microsoft SharePoint Server 2013 SP1 cross site scripting
| [98093] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
| [98091] Microsoft SharePoint Server/Office Web Apps 2010 SP2 memory corruption
| [98090] Microsoft SharePoint Server 2010 SP2/2013 SP1 information disclosure
| [98089] Microsoft Office Web Apps 2013 SP1 memory corruption
| [98082] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 denial of service
| [98081] Microsoft Excel up to 2016 information disclosure
| [98080] Microsoft Excel 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [98079] Microsoft Word 2016 memory corruption
| [98076] Microsoft Lync/Skype for Business 2010/2013/2016 Graphics Component privilege escalation
| [98075] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
| [98074] Microsoft Lync/Skype for Business 2010/2013/2016 GDI+ information disclosure
| [98073] Microsoft Office 2010 SP2/Word Viewer Graphics Component information disclosure
| [98069] Microsoft Windows up to Server 2012 R2 Color Management memory corruption
| [98056] Microsoft Windows up to Server 2016 DNS Query information disclosure
| [98054] Microsoft Windows up to Server 2016 SMBv2/SMBv3 NULL Pointer Dereference memory corruption
| [98017] Microsoft Windows up to Server 2016 PDF memory corruption
| [98015] Microsoft Windows 10/Server 2016 Hyper-V denial of service
| [98013] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
| [98007] Microsoft Windows 10/Server 2016 Hyper-V Network Switch denial of service
| [98006] Microsoft Windows 10/Server 2016 Hyper-V vSMB memory corruption
| [96521] Microsoft Windows 8.1/10/Server 2012/Server 2016 SMB Response mrxsmb20.sys denial of service
| [95781] Microsoft PowerPoint 2016 Java Embedded Object privilege escalation
| [95125] Microsoft Word/SharePoint Enterprise Server 2016 Document privilege escalation
| [94451] Microsoft Office 2011 memory corruption
| [94447] Microsoft Office 2010 SP2 memory corruption
| [94446] Microsoft Office 2016 memory corruption
| [94444] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 OLE DLL Loader memory corruption
| [94443] Microsoft Office up to 2016 information disclosure
| [94442] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 privilege escalation
| [93964] Microsoft Windows 7 Excel Starter 2010 XXE information disclosure
| [93543] Microsoft SQL Server 2016 FILESTREAM Path privilege escalation
| [93540] Microsoft Excel 2010 SP2/2011/2016 memory corruption
| [93416] Microsoft SQL Server 2014 SP2/2016/up to 2012 SP3 Server Agent atxcore.dll privilege escalation
| [93415] Microsoft SQL Server 2016 MDS API cross site scripting
| [93414] Microsoft SQL Server up to 2012 SP3 RDBMS Engine privilege escalation
| [93413] Microsoft SQL Server 2016/up to 2014 SP2 RDBMS Engine privilege escalation
| [93412] Microsoft SQL Server 2016 RDBMS Engine privilege escalation
| [93393] Microsoft Office up to 2016 memory corruption
| [93392] Microsoft Office up to 2016 memory corruption
| [93391] Microsoft Office up to 2016 memory corruption
| [93389] Microsoft Windows up to Server 2016 Media Foundation memory corruption
| [93388] Microsoft Windows up to Server 2016 Animation Manager Stylesheets memory corruption
| [92587] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 Transaction Manager privilege escalation
| [92584] Microsoft Office up to 2016 memory corruption
| [91571] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91570] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library information disclosure
| [91556] Microsoft Exchange 2016 Meeting Invation cross site scripting
| [91555] Microsoft Exchange 2013/2016 Link spoofing
| [91550] Microsoft Office 2016 memory corruption
| [91547] Microsoft Office 2010 memory corruption
| [91543] Microsoft Office up to 2016 memory corruption
| [91541] Microsoft Office 2013/2016 APP-V ASLR privilege escalation
| [90711] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF privilege escalation
| [90710] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 Netlogon privilege escalation
| [90704] Microsoft Office 2013/2013 RT/2016 memory corruption
| [89043] Microsoft Office up to 2016 memory corruption
| [89041] Microsoft Office up to 2016 memory corruption
| [89040] Microsoft Office 2010 SP2/2011/2013 RT SP1/2013 SP1/2016 memory corruption
| [89038] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 Security Feature privilege escalation
| [89037] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1/2016 memory corruption
| [87961] Microsoft Windows up to Server 2012 R2 Search denial of service
| [87959] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
| [87958] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF memory corruption
| [87957] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF information disclosure
| [87956] Microsoft Exchange 2013/2016 Oracle Outside In Libraries information disclosure
| [87944] Microsoft Windows Server 2012/Server 2012 R2 Virtual PCI Memory information disclosure
| [87940] Microsoft Windows Server 2012/Server 2012 R2 DNS Server Use-After-Free memory corruption
| [87936] Microsoft Office up to 2016 memory corruption
| [87166] Microsoft Windows up to Server 2012 R2 DirectX Graphics Kernel Subsystem privilege escalation
| [87156] Microsoft Windows 8.1/10/RT 8.1/Server 2012 R2 Shell memory corruption
| [87149] Microsoft Office up to 2016 memory corruption
| [87148] Microsoft Office 2010 Graphics memory corruption
| [87146] Microsoft Office 2011/2013/2013 RT/2016 memory corruption
| [82229] Microsoft Excel 2010 SP2 Office Document memory corruption
| [82223] Microsoft Windows 8.1/10/Server 2012 R2 Hyper-V Memory information disclosure
| [82222] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Memory information disclosure
| [82221] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Hyper-V privilege escalation
| [81274] Microsoft Office up to 2016 memory corruption
| [81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library memory corruption
13814| [81270] Microsoft Windows 8.1/10/RT 8.1/Server 2012/Server 2012 R2 PDF Library memory corruption
13815| [81269] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
13816| [81268] Microsoft Windows up to Server 2012 R2 Media Parser memory corruption
13817| [80886] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
13818| [80885] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP memory corruption
13819| [80878] Microsoft Windows Server 2012 R2 Active Directory Federation Service denial of service
13820| [80874] Microsoft Windows 7 SP1/8.1/10/Server 2012/Server 2012 R2 RDP privilege escalation
13821| [80870] Microsoft Office up to 2016 memory corruption
13822| [80868] Microsoft Office up to 2016 memory corruption
13823| [80867] Microsoft Office up to 2016 memory corruption
13824| [80865] Microsoft Windows 8.1/RT 8.1/Server 2012/Server 2012 R2 DLL Loader memory corruption
13825| [80860] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 Reader memory corruption
13826| [80859] Microsoft Windows 8.1/10/Server 2012/Server 2012 R2 PDF Library memory corruption
13827| [80231] Microsoft Excel up to 2016 Office Document memory corruption
13828| [80229] Microsoft Exchange Server 2013 CU 10/2013 CU 11/2013 SP1/2016 Outlook Web Access cross site scripting
13829| [80228] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
13830| [80227] Microsoft Exchange Server 2013 CU 10/2013 SP1/2016 Outlook Web Access cross site scripting
13831| [80226] Microsoft Exchange Server 2016 Outlook Web Access cross site scripting
13832| [80218] Microsoft Office up to 2016 ASLR privilege escalation
13833| [80217] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
13834| [80216] Microsoft Office up to 2016 Office Document memory corruption
13835| [80206] Microsoft SharePoint Foundation 2013 SP1 Access Control Policy cross site scripting
| [128763] Microsoft Exchange Server 2016 CU10/2016 CU11/2019 memory corruption
| [79508] Microsoft Windows up to Server 2012 R2 Library Loader memory corruption
| [79500] Microsoft Office 2010/2011/2016 memory corruption
| [79183] Microsoft Windows up to Server 2012 R2 IPsec denial of service
| [79173] Microsoft Windows up to Server 2012 R2 Graphics information disclosure
| [79117] Microsoft Outlook 2011/2016 on Mac HTML spoofing
| [78375] Microsoft SharePoint Server/SharePoint Foundation 2013 SP1 cross site scripting
| [77645] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
| [77644] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access cross site scripting
| [77638] Microsoft Lync Server 2013 cross site scripting
| [77628] Microsoft SharePoint Foundation 2013 SP1 cross site scripting
| [77612] Microsoft Exchange Server 2013 CU8/2013 CU9 Outlook Web Access Stack-Based information disclosure
| [77050] Microsoft Office up to 2016 memory corruption
| [77037] Microsoft Windows Server 2012/Server 2012 R2 System Center Operations Manager cross site scripting
| [76461] Microsoft Windows up to Server 2012 R2 Domain-Controller Communication Credentials information disclosure
| [76460] Microsoft Windows 7 SP1/8/Server 2012 RDP Server Service memory corruption
| [76448] Microsoft Windows 8.1/Server 2012 R2 Hyper-V memory corruption
| [75793] Microsoft Exchange Server 2013 CU8 cross site scripting
| [75792] Microsoft Exchange Server 2013 SP1 CU8 cross site request forgery
| [75791] Microsoft Office 2013 SP1 Office Document Uninitialized Memory memory corruption
| [75787] Microsoft Exchange Server 2013 SP1 CU8 Same Origin Policy privilege escalation
| [75786] Microsoft Office 2010 SP2/2013 RT SP1/2013 SP1 Office Document memory corruption
| [66976] Microsoft Access 2010 VBA Datatype denial of service
| [74848] Microsoft SharePoint Foundation/SharePoint Server 2013 SP1 cross site scripting
| [74842] Microsoft Windows 8.1/Server 2012 R2 Hyper-V denial of service
| [74836] Microsoft Project Server 2010 SP2/2013 SP1 cross site scripting
| [74835] Microsoft Office 2011 on Mac Use-After-Free cross site scripting
| [74834] Microsoft Windows Server 2012 R2 Active Directory Federation Services 3.0 privilege escalation
| [74833] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 HTTP Request HTTP.sys privilege escalation
| [74393] Microsoft SharePoint Server 2013 Foundation cross site scripting
| [73967] Microsoft Office up to 2013 SP1 Office File memory corruption
| [73966] Microsoft Office up to 2013 SP1 RTF File memory corruption
| [73965] Microsoft Office up to 2013 SP1 Use-After-Free memory corruption
| [73961] Microsoft Windows 7 SP1/8/8.1/Server 2012/Server 2012 R2 Remote Desktop Protocol Object Management denial of service
| [69162] Microsoft System Center Virtual Machine Manager 2012 privilege escalation
| [69160] Microsoft Windows up to Server 2012 Process privilege escalation
| [69156] Microsoft Office 2010 Object memory corruption
| [68593] Microsoft Windows up to Server 2012 Network Location Awareness Service privilege escalation
| [68417] Microsoft Exchange 2013 Outlook Web Access Token spoofing
| [68191] Microsoft SharePoint 2010 cross site scripting
| [67828] Microsoft ASP.NET MVC 2/3/4/5/5.1 System.Web.Mvc.dll cross site scripting
| [67518] Microsoft Lync 2013 denial of service
| [67517] Microsoft Lync 2013 Script Reflected cross site scripting
| [67516] Microsoft Lync 2010/2013 denial of service
| [67362] Microsoft Windows up to Server 2012 R2 Remote Procedure Call privilege escalation
| [67360] Microsoft SharePoint 2013 App Permission Management cross site scripting
| [13549] Microsoft Windows 7/8/8.1/Server 2012 Remote Desktop Protocol weak encryption
| [13547] Microsoft Lync 2010/2013 Meeting cross site scripting
| [13228] Microsoft Office 2013 Document privilege escalation
| [68577] Microsoft ASP.NET 2014.3.1209 Telerik UI RadAsyncUpload directory traversal
| [12267] Microsoft Forefront Security for Exchange Server 2010 Mail memory corruption
| [12263] Microsoft Windows up to Server 2012 Direct2D 2D Geometric Figure memory corruption
| [12238] Microsoft Windows 8/RT/Server 2012 IPv6 denial of service
| [12185] Microsoft .NET Framework 2/4 HMAC weak authentication
| [12183] Microsoft .NET Framework 2/4 DTD denial of service
| [11673] Microsoft Windows Live Movie Maker 2011 WAV File denial of service
| [11468] Microsoft Exchange 2010/2013 cross site scripting
| [11466] Microsoft Office 2013 File Response information disclosure
| [11457] Microsoft SharePoint Server/Office Web Apps 2010 SP1/2010 SP2/2013 W3WP Service Account privilege escalation
| [11150] Microsoft Windows 8/Server 2012 Hyper-V Data Structure Value Crash privilege escalation
| [11004] Microsoft Windows Server 2012 R2 RDP Restricted Admin Mode weak authentication
| [10250] Microsoft SharePoint Server up to 2013 W3WP Process denial of service
| [10249] Microsoft SharePoint 2010/2003/2007/2.0/3.0 Workflow memory corruption
| [10248] Microsoft SharePoint Server up to 2013 cross site scripting
| [9943] Microsoft Windows Server 2012 NAT Driver ICMP Packet denial of service
| [8739] Microsoft Windows Essentials up to 2012 Windows Writer Eingabe information disclosure
| [8725] Microsoft Lync 2010/2013 Use-After-Free memory corruption
| [8722] Microsoft Windows 8/RT/Server 2012 HTTP.sys denial of service
| [8206] Microsoft SharePoint Server 2010 SP1 HTML Sanitization Component cross site scripting
| [8203] Microsoft Windows up to 2012 AD LDAP Query denial of service
| [8200] Microsoft SharePoint Server 2013 ACL information disclosure
| [7971] Microsoft Office for Mac 2011 up to 14.3.1 on Mac HTML5 Mail Message Parser File information disclosure
| [7969] Microsoft OneNote 2010 SP1 ONE File information disclosure
| [7968] Microsoft SharePoint Server 2010 SP1 Input Validator Eingabe Crash denial of service
| [7967] Microsoft SharePoint Server 2010 SP1 User Account Eingabe Crash information disclosure
| [7966] Microsoft SharePoint Server 2010 SP1 Eingabe Crash cross site scripting
| [7965] Microsoft SharePoint Server 2010 SP1 User Account Callback URL privilege escalation
| [7964] Microsoft Visio 2010 Tree Object Type File memory corruption
| [7343] Microsoft Lync 2012 HTTP Format String
| [7258] Microsoft Windows up to 8/Server 2012 SSL/TLS race condition
| [7230] Microsoft Excel 2010 SP1 on 32-bit XLS File Formatting Information Crash denial of service
| [6831] Microsoft Office Picture Manager 2010 File memory corruption
| [62720] EMC NetWorker Module for Microsoft Applications up to 2.2.0 memory corruption
| [6624] Microsoft SQL Server up to 2012 Report Manager cross site scripting
| [62238] Microsoft Visual Studio Team Foundation Server 2010 cross site scripting
| [5946] Microsoft Visio/Visio Viewer up to 2010 SP1 File memory corruption
| [5644] Microsoft SharePoint 2010 scriptesx.ashx cross site scripting
| [5641] Microsoft SharePoint 2010 cross site scripting
| [60943] Microsoft Dynamics AX 2012 Enterprise Portal cross site scripting
| [12311] Microsoft Lync 2010 Search race condition
| [60570] Microsoft Forefront Unified Access Gateway 2010 information disclosure
| [60569] Microsoft Forefront Unified Access Gateway 2010 spoofing
| [60208] Microsoft Visio Viewer 2010 memory corruption
| [60207] Microsoft Visio Viewer 2010 memory corruption
| [60206] Microsoft Visio Viewer 2010 memory corruption
| [4640] Microsoft SharePoint 2010 inplview.aspx cross site scripting
| [4636] Microsoft SharePoint 2010 wizardlist.aspx cross site scripting
| [4635] Microsoft SharePoint 2010 themeweb.aspx cross site scripting
| [59008] Microsoft Forefront Unified Access Gateway 2010 Crash denial of service
| [58995] Microsoft Forefront Unified Access Gateway 2010 memory corruption
| [58994] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
| [58993] Microsoft Forefront Unified Access Gateway 2010 Reflected cross site scripting
| [4424] Microsoft Host Integration Server up to 2010 denial of service
| [4420] Microsoft Forefront Unified Access Gateway 2010 memory corruption
| [58487] Microsoft SharePoint Foundation 2010 cross site scripting
| [58486] Microsoft SharePoint Foundation 2010 Reflected cross site scripting
| [58485] Microsoft SharePoint Foundation 2010 EditForm.aspx cross site scripting
| [4414] Microsoft SharePoint 2010 cross site scripting
| [4413] Microsoft SharePoint 2010/2007/3.0 XML/XLS unknown vulnerability
| [91971] Microsoft Skype 2.2.x/5.2.x/5.3.x denial of service
| [57693] Microsoft Forefront Threat Management Gateway 2010 NSPLookupServiceNext memory corruption
| [56028] Microsoft Data Access Components 2.8 memory corruption
| [55777] Microsoft Windows Movie Maker 2.6 memory corruption
| [55424] Microsoft Forefront Unified Access Gateway 2010 Signurl.asp cross site scripting
| [55415] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
| [55414] Microsoft Forefront Unified Access Gateway 2010 cross site scripting
| [55413] Microsoft Forefront Unified Access Gateway 2010 spoofing
| [54341] Microsoft Windows Movie Maker 2.1 memory corruption
| [54549] Microsoft PowerPoint 2010 pptimpconv.dll memory corruption
| [4009] Microsoft NET Framework 2.x/3.x denial of service
| [45681] Microsoft Internet Explorer 8 Beta 2 privilege escalation
| [45449] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
| [45448] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
| [45446] Microsoft Internet Explorer 8 Beta 2 XSS Filter cross site scripting
| [2927] Microsoft Data Access Components 2.x ADODB.Connection ActiveX Control memory corruption
| [32692] Microsoft XML Core Services up to 2.6 memory corruption
| [32691] Microsoft XML Core Services up to 2.6 memory corruption
|
| MITRE CVE - https://cve.mitre.org:
| [CVE-2013-3661] The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
| [CVE-2013-3660] The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
| [CVE-2013-3174] DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
| [CVE-2013-3173] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overwrite Vulnerability."
| [CVE-2013-3172] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to cause a denial of service (system hang) via a crafted application that leverages improper handling of objects in memory, aka "Win32k Buffer Overflow Vulnerability."
| [CVE-2013-3171] The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
| [CVE-2013-3167] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Information Disclosure Vulnerability."
| [CVE-2013-3154] The signature-update functionality in Windows Defender on Microsoft Windows 7 and Windows Server 2008 R2 relies on an incorrect pathname, which allows local users to gain privileges via a Trojan horse application in the %SYSTEMDRIVE% top-level directory, aka "Microsoft Windows 7 Defender Improper Pathname Vulnerability."
| [CVE-2013-3138] Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (system hang) via crafted TCP packets, aka "TCP/IP Integer Overflow Vulnerability."
| [CVE-2013-3136] The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 on 32-bit platforms does not properly handle unspecified page-fault system calls, which allows local users to obtain sensitive information from kernel memory via a crafted application, aka "Kernel Information Disclosure Vulnerability."
| [CVE-2013-3134] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 on 64-bit platforms does not properly allocate arrays of structures, which allows remote attackers to execute arbitrary code via a crafted .NET Framework application that changes array data, aka "Array Allocation Vulnerability."
| [CVE-2013-3133] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Anonymous Method Injection Vulnerability."
| [CVE-2013-3132] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check the permissions of objects that use reflection, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Delegate Reflection Bypass Vulnerability."
| [CVE-2013-3131] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and Silverlight 5 before 5.1.20513.0, does not properly prevent changes to data in multidimensional arrays of structures, which allows remote attackers to execute arbitrary code via (1) a crafted .NET Framework application or (2) a crafted Silverlight application, aka "Array Access Violation Vulnerability."
| [CVE-2013-1345] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Vulnerability."
| [CVE-2013-1340] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Dereference Vulnerability."
| [CVE-2013-1339] The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a crafted request, aka "Print Spooler Vulnerability."
| [CVE-2013-1336] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly check signatures, which allows remote attackers to make undetected changes to signed XML documents via unspecified vectors that preserve signature validity, aka "XML Digital Signature Spoofing Vulnerability."
| [CVE-2013-1335] Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to execute arbitrary code via crafted shape data in a Word document, aka "Word Shape Corruption Vulnerability."
| [CVE-2013-1334] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Window Handle Vulnerability."
| [CVE-2013-1332] dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "DirectX Graphics Kernel Subsystem Double Fetch Vulnerability."
| [CVE-2013-1331] Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac allows remote attackers to execute arbitrary code via crafted PNG data in an Office document, leading to improper memory allocation, aka "Office Buffer Overflow Vulnerability."
| [CVE-2013-1329] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers a buffer underflow, aka "Publisher Buffer Underflow Vulnerability."
| [CVE-2013-1328] Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers incorrect pointer handling, aka "Publisher Pointer Handling Vulnerability."
| [CVE-2013-1327] Integer signedness error in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper memory allocation, aka "Publisher Signed Integer Vulnerability."
| [CVE-2013-1323] Microsoft Publisher 2003 SP3 does not properly handle NULL values for unspecified data items, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Incorrect NULL Value Handling Vulnerability."
| [CVE-2013-1322] Microsoft Publisher 2003 SP3 does not properly check table range data, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Invalid Range Check Vulnerability."
| [CVE-2013-1321] Microsoft Publisher 2003 SP3 does not properly check the data type of an unspecified return value, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Validation Vulnerability."
| [CVE-2013-1320] Buffer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Buffer Overflow Vulnerability."
| [CVE-2013-1319] Microsoft Publisher 2003 SP3 does not properly check the return value of an unspecified method, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Return Value Handling Vulnerability."
| [CVE-2013-1318] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers access to an invalid pointer, aka "Publisher Corrupt Interface Pointer Vulnerability."
| [CVE-2013-1317] Integer overflow in Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that triggers an improper allocation-size calculation, aka "Publisher Integer Overflow Vulnerability."
| [CVE-2013-1316] Microsoft Publisher 2003 SP3 does not properly validate the size of an unspecified array, which allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Negative Value Allocation Vulnerability."
| [CVE-2013-1302] Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and Lync Server 2013 do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via an invitation that triggers access to a deleted object, aka "Lync RCE Vulnerability."
| [CVE-2013-1301] Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunction with an entity reference, aka "XML External Entities Resolution Vulnerability."
| [CVE-2013-1300] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
| [CVE-2013-1295] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "CSRSS Memory Corruption Vulnerability."
| [CVE-2013-1294] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
| [CVE-2013-1293] The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application that leverages improper handling of objects in memory, aka "NTFS NULL Pointer Dereference Vulnerability."
| [CVE-2013-1292] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
| [CVE-2013-1291] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, Windows 7 Gold and SP1, and Windows 8 allows local users to cause a denial of service (reboot) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability" or "Win32k Font Parsing Vulnerability."
| [CVE-2013-1287] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1286.
| [CVE-2013-1286] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1285 and CVE-2013-1287.
| [CVE-2013-1285] The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 do not properly handle objects in memory, which allows physically proximate attackers to execute arbitrary code by connecting a crafted USB device, aka "Windows USB Descriptor Vulnerability," a different vulnerability than CVE-2013-1286 and CVE-2013-1287.
| [CVE-2013-1283] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Win32k Race Condition Vulnerability."
| [CVE-2013-1281] The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and Server 2012 allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via an attempted renaming of a file or folder located on a read-only share, aka "NULL Dereference Vulnerability."
| [CVE-2013-1280] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Reference Count Vulnerability."
| [CVE-2013-1279] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1278.
| [CVE-2013-1278] Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages incorrect handling of objects in memory, aka "Kernel Race Condition Vulnerability," a different vulnerability than CVE-2013-1279.
| [CVE-2013-1277] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1276] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1275] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1274] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1273] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
| [CVE-2013-1272] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14020| [CVE-2013-1271] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14021| [CVE-2013-1270] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14022| [CVE-2013-1269] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14023| [CVE-2013-1268] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14024| [CVE-2013-1267] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14025| [CVE-2013-1266] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14026| [CVE-2013-1265] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14027| [CVE-2013-1264] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14028| [CVE-2013-1263] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14029| [CVE-2013-1262] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14030| [CVE-2013-1261] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14031| [CVE-2013-1260] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14032| [CVE-2013-1259] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14033| [CVE-2013-1258] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14034| [CVE-2013-1257] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14035| [CVE-2013-1256] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14036| [CVE-2013-1255] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14037| [CVE-2013-1254] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14038| [CVE-2013-1253] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14039| [CVE-2013-1252] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14040| [CVE-2013-1251] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14041| [CVE-2013-1250] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14042| [CVE-2013-1249] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14043| [CVE-2013-1248] Race condition in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges, and consequently read the contents of arbitrary kernel memory locations, via a crafted application, a different vulnerability than other CVEs listed in MS13-016.
14044| [CVE-2013-0095] Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for Mac 2011 before 14.3.2 allows remote attackers to trigger access to a remote URL and consequently confirm the rendering of an HTML e-mail message by including unspecified HTML5 elements and leveraging the installation of a WebKit browser on the victim's machine, aka "Unintended Content Loading Vulnerability."
14045| [CVE-2013-0077] Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via crafted media content in (1) a media file, (2) a media stream, or (3) a Microsoft Office document, aka "Media Decompression Vulnerability."
14046| [CVE-2013-0076] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Reference Count Vulnerability."
14047| [CVE-2013-0075] The TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (reboot) via a crafted packet that terminates a TCP connection, aka "TCP FIN WAIT Vulnerability."
14048| [CVE-2013-0073] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly restrict the privileges of a callback function during object creation, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "WinForms Callback Elevation Vulnerability."
14049| [CVE-2013-0013] The SSL provider component in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle encrypted packets, which allows man-in-the-middle attackers to conduct SSLv2 downgrade attacks against (1) SSLv3 sessions or (2) TLS sessions by intercepting handshakes and injecting content, aka "Microsoft SSL Version 3 and TLS Protocol Security Feature Bypass Vulnerability."
14050| [CVE-2013-0011] The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted print job, aka "Windows Print Spooler Components Vulnerability."
14051| [CVE-2013-0010] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
14052| [CVE-2013-0009] Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
14053| [CVE-2013-0008] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
14054| [CVE-2013-0004] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate the permissions of objects in memory, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application, aka "Double Construction Vulnerability."
14055| [CVE-2013-0003] Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) namespace method in Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a missing array-size check during a memory copy operation, aka "S.DS.P Buffer Overflow Vulnerability."
14056| [CVE-2013-0002] Buffer overflow in the Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, and 4.5 allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages improper counting of objects during a memory copy operation, aka "WinForms Buffer Overflow Vulnerability."
14057| [CVE-2013-0001] The Windows Forms (aka WinForms) component in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 4, and 4.5 does not properly initialize memory arrays, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a pointer to an unmanaged memory location, aka "System Drawing Information Disclosure Vulnerability."
14058| [CVE-2012-5672] Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
14059| [CVE-2012-4791] Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
14060| [CVE-2012-4786] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allow remote attackers to execute arbitrary code via a crafted TrueType Font (TTF) file, aka "TrueType Font Parsing Vulnerability."
14061| [CVE-2012-4776] The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy settings, which allows remote attackers to execute arbitrary JavaScript code by providing crafted data during execution of (1) an XAML browser application (aka XBAP) or (2) a .NET Framework application, aka "Web Proxy Auto-Discovery Vulnerability."
14062| [CVE-2012-4774] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted (1) file name or (2) subfolder name that triggers use of unallocated memory as the destination of a copy operation, aka "Windows Filename Parsing Vulnerability."
14063| [CVE-2012-2897] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT, as used by Google Chrome before 22.0.1229.79 and other programs, do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted TrueType font file, aka "Windows Font Parsing Vulnerability" or "TrueType Font Parsing Vulnerability."
14064| [CVE-2012-2556] The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows remote attackers to execute arbitrary code via a crafted OpenType font file, aka "OpenType Font Parsing Vulnerability."
14065| [CVE-2012-2553] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
14066| [CVE-2012-2552] Cross-site scripting (XSS) vulnerability in the SQL Server Report Manager in Microsoft SQL Server 2000 Reporting Services SP2 and SQL Server 2005 SP4, 2008 SP2 and SP3, 2008 R2 SP1, and 2012 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Reflected XSS Vulnerability."
14067| [CVE-2012-2551] The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, and Windows 7 Gold and SP1, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted session request, aka "Kerberos NULL Dereference Vulnerability."
14068| [CVE-2012-2543] Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 SP1
14069| [CVE-2012-2539] Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
14070| [CVE-2012-2536] Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
14071| [CVE-2012-2530] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
14072| [CVE-2012-2529] Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Windows Kernel Integer Overflow Vulnerability."
14073| [CVE-2012-2528] Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
14074| [CVE-2012-2527] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application, aka "Win32k Use After Free Vulnerability."
14075| [CVE-2012-2524] Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Computer Graphics Metafile (CGM) file, aka "CGM File Format Memory Corruption Vulnerability."
14076| [CVE-2012-2520] Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 SP2 and SP3 and 2010 SP1, Communicator 2007 R2, Lync 2010 and 2010 Attendee, SharePoint Server 2007 SP2 and SP3 and 2010 SP1, Groove Server 2010 SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
14077| [CVE-2012-2519] Untrusted search path vulnerability in Entity Framework in ADO.NET in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, and 4 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .NET application, aka ".NET Framework Insecure Library Loading Vulnerability."
14078| [CVE-2012-1896] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider trust levels during construction of output data, which allows remote attackers to obtain sensitive information via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Code Access Security Info Disclosure Vulnerability."
14079| [CVE-2012-1895] The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4 does not properly enforce object permissions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka "Reflection Bypass Vulnerability."
14080| [CVE-2012-1893] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate callback parameters during creation of a hook procedure, which allows local users to gain privileges via a crafted application, aka "Win32k Incorrect Type Handling Vulnerability."
14081| [CVE-2012-1890] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle keyboard-layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout Vulnerability."
14082| [CVE-2012-1887] Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1, and Office 2008 and 2011 for Mac, allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel SST Invalid Length Use After Free Vulnerability."
14083| [CVE-2012-1886] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
14084| [CVE-2012-1885] Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1
14085| [CVE-2012-1870] The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and other products, allows remote web servers to obtain plaintext data by triggering multiple requests to a third-party HTTPS server and sniffing the network during the resulting HTTPS session, aka "TLS Protocol Vulnerability."
14086| [CVE-2012-1867] Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted TrueType font file that triggers incorrect memory allocation, aka "Font Resource Refcount Integer Overflow Vulnerability."
14087| [CVE-2012-1866] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "Clipboard Format Atom Name Handling Vulnerability."
14088| [CVE-2012-1865] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1864.
14089| [CVE-2012-1864] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle user-mode input passed to kernel mode for driver objects, which allows local users to gain privileges via a crafted application, aka "String Atom Class Name Handling Vulnerability," a different vulnerability than CVE-2012-1865.
14090| [CVE-2012-1863] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Reflected List Parameter Vulnerability."
14091| [CVE-2012-1862] Open redirect vulnerability in Microsoft Office SharePoint Server 2007 SP2 and SP3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "SharePoint URL Redirection Vulnerability."
14092| [CVE-2012-1860] Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 do not properly check permissions for search scopes, which allows remote authenticated users to obtain sensitive information or cause a denial of service (data modification) by changing a parameter in a search-scope URL, aka "SharePoint Search Scope Vulnerability."
14093| [CVE-2012-1858] The toStaticHTML API (aka the SafeHTML component) in Microsoft Internet Explorer 8 and 9, Communicator 2007 R2, and Lync 2010 and 2010 Attendee does not properly handle event attributes and script, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted HTML document, aka "HTML Sanitization Vulnerability."
| [CVE-2012-1856] The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office 2003 SP3, Office 2003 Web Components SP3, Office 2007 SP2 and SP3, Office 2010 SP1, SQL Server 2000 SP4, SQL Server 2005 SP4, SQL Server 2008 SP2, SP3, R2, R2 SP1, and R2 SP2, Commerce Server 2002 SP4, Commerce Server 2007 SP2, Commerce Server 2009 Gold and R2, Host Integration Server 2004 SP1, Visual FoxPro 8.0 SP1, Visual FoxPro 9.0 SP2, and Visual Basic 6.0 Runtime allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption, aka "MSCOMCTL.OCX RCE Vulnerability."
| [CVE-2012-1855] Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly handle function pointers, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Memory Access Vulnerability."
| [CVE-2012-1854] Untrusted search path vulnerability in VBE6.dll in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-1851] Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted response, aka "Print Spooler Service Format String Vulnerability."
| [CVE-2012-1850] The Remote Administration Protocol (RAP) implementation in the LanmanWorkstation service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle RAP responses, which allows remote attackers to cause a denial of service (service hang) via crafted RAP packets, aka "Remote Administration Protocol Denial of Service Vulnerability."
| [CVE-2012-1848] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Scrollbar Calculation Vulnerability."
| [CVE-2012-1847] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-1537] Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted Office document, aka "DirectPlay Heap Overflow Vulnerability."
| [CVE-2012-1528] Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Overflow Vulnerability."
| [CVE-2012-1527] Integer underflow in Windows Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted briefcase, aka "Windows Briefcase Integer Underflow Vulnerability."
| [CVE-2012-1459] The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1457] The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1453] The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Sophos Anti-Virus 4.61.0, Trend Micro AntiVirus 9.120.0.1004, McAfee Gateway (formerly Webwasher) 2010.1C, Emsisoft Anti-Malware 5.1.0.1, CA eTrust Vet Antivirus 36.1.8511, Antiy Labs AVL SDK 2.0.3.7, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Rising Antivirus 22.83.00.03, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Fortinet Antivirus 4.2.254.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via a CAB file with a modified coffFiles field. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CAB parser implementations.
| [CVE-2012-1443] The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.
| [CVE-2012-1420] The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command Antivirus 5.2.11.5, F-Prot Antivirus 4.6.2.117, Fortinet Antivirus 4.2.254.0, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, Panda Antivirus 10.0.2.7, and Rising Antivirus 22.83.00.03 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial \7fELF character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
| [CVE-2012-1194] The resolver in the DNS Server service in Microsoft Windows Server 2008 before R2 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.
| [CVE-2012-0185] Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and 2010 Gold and SP1, Excel Viewer, and Office Compatibility Pack SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers incorrect handling of memory during opening, aka "Excel MergeCells Record Heap Overflow Vulnerability."
| [CVE-2012-0184] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0183] Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for Mac, and Office Compatibility Pack SP2 and SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted RTF data, aka "RTF Mismatch Vulnerability."
| [CVE-2012-0182] Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."
| [CVE-2012-0181] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly manage Keyboard Layout files, which allows local users to gain privileges via a crafted application, aka "Keyboard Layout File Vulnerability."
| [CVE-2012-0180] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly handle user-mode input passed to kernel mode for (1) windows and (2) messages, which allows local users to gain privileges via a crafted application, aka "Windows and Messages Vulnerability."
| [CVE-2012-0179] Double free vulnerability in tcpip.sys in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that binds an IPv6 address to a local interface, aka "TCP/IP Double Free Vulnerability."
| [CVE-2012-0178] Race condition in partmgr.sys in Windows Partition Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that makes multiple simultaneous Plug and Play (PnP) Configuration Manager function calls, aka "Plug and Play (PnP) Configuration Manager Vulnerability."
| [CVE-2012-0177] Heap-based buffer overflow in the Office Works File Converter in Microsoft Office 2007 SP2, Works 9, and Works 6-9 File Converter allows remote attackers to execute arbitrary code via a crafted Works (aka .wps) file, aka "Office WPS Converter Heap Overflow Vulnerability."
| [CVE-2012-0175] The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted name for a (1) file or (2) directory, aka "Command Injection Vulnerability."
| [CVE-2012-0174] Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly enforce firewall rules for outbound broadcast packets, which allows remote attackers to obtain potentially sensitive information by observing broadcast traffic on a local network, aka "Windows Firewall Bypass Vulnerability."
| [CVE-2012-0173] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability," a different vulnerability than CVE-2012-0002.
| [CVE-2012-0167] Heap-based buffer overflow in the Office GDI+ library in Microsoft Office 2003 SP3 and 2007 SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted EMF image in an Office document, aka "GDI+ Heap Overflow Vulnerability."
| [CVE-2012-0165] GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1 does not properly validate record types in EMF images, which allows remote attackers to execute arbitrary code via a crafted image, aka "GDI+ Record Type Vulnerability."
| [CVE-2012-0163] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not properly validate function parameters, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Parameter Validation Vulnerability."
| [CVE-2012-0161] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly handle an unspecified exception during use of partially trusted assemblies to serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
| [CVE-2012-0160] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, 3.5.1, and 4 does not properly serialize input data, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP) or (2) a crafted .NET Framework application, aka ".NET Framework Serialization Vulnerability."
| [CVE-2012-0159] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview
| [CVE-2012-0158] The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX in the Common Controls in Microsoft Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0157] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle window messaging, which allows local users to gain privileges via a crafted application that calls the PostMessage function, aka "PostMessage Function Vulnerability."
| [CVE-2012-0156] DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly render Unicode characters, which allows remote attackers to cause a denial of service (application hang) via a (1) instant message or (2) web site, aka "DirectWrite Application Denial of Service Vulnerability."
| [CVE-2012-0154] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers keyboard layout errors, aka "Keyboard Layout Use After Free Vulnerability."
| [CVE-2012-0152] The Remote Desktop Protocol (RDP) service in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (application hang) via a series of crafted packets, aka "Terminal Server Denial of Service Vulnerability."
| [CVE-2012-0151] The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute arbitrary code via a modified file with additional content, aka "WinVerifyTrust Signature Validation Vulnerability."
| [CVE-2012-0150] Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, aka "Msvcrt.dll Buffer Overflow Vulnerability."
| [CVE-2012-0149] afd.sys in the Ancillary Function Driver in Microsoft Windows Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2012-0148] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "AfdPoll Elevation of Privilege Vulnerability."
| [CVE-2012-0143] Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly handle memory during the opening of files, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Memory Corruption Using Various Modified Bytes Vulnerability."
| [CVE-2012-0142] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0141] Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1
| [CVE-2012-0015] Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate the length of an unspecified buffer, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Heap Corruption Vulnerability."
| [CVE-2012-0014] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.1.10111, does not properly restrict access to memory associated with unmanaged objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Unmanaged Objects Vulnerability."
| [CVE-2012-0013] Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
| [CVE-2012-0009] Untrusted search path vulnerability in the Windows Object Packager configuration in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse executable file in the current working directory, as demonstrated by a directory that contains a file with an embedded packaged object, aka "Object Packager Insecure Executable Launching Vulnerability."
| [CVE-2012-0008] Untrusted search path vulnerability in Microsoft Visual Studio 2008 SP1, 2010, and 2010 SP1 allows local users to gain privileges via a Trojan horse add-in in an unspecified directory, aka "Visual Studio Add-In Vulnerability."
| [CVE-2012-0006] The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 does not properly handle objects in memory during record lookup, which allows remote attackers to cause a denial of service (daemon restart) via a crafted query, aka "DNS Denial of Service Vulnerability."
| [CVE-2012-0005] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2, when a Chinese, Japanese, or Korean system locale is used, can access uninitialized memory during the processing of Unicode characters, which allows local users to gain privileges via a crafted application, aka "CSRSS Elevation of Privilege Vulnerability."
| [CVE-2012-0004] Unspecified vulnerability in DirectShow in DirectX in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted media file, related to Quartz.dll, Qdvd.dll, closed captioning, and the Line21 DirectShow filter, aka "DirectShow Remote Code Execution Vulnerability."
| [CVE-2012-0003] Unspecified vulnerability in winmm.dll in Windows Multimedia Library in Windows Media Player (WMP) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows remote attackers to execute arbitrary code via a crafted MIDI file, aka "MIDI Remote Code Execution Vulnerability."
| [CVE-2012-0002] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
| [CVE-2012-0001] The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly load structured exception handling tables, which allows context-dependent attackers to bypass the SafeSEH security feature by leveraging a Visual C++ .NET 2003 application, aka "Windows Kernel SafeSEH Bypass Vulnerability."
| [CVE-2011-5046] The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted data, as demonstrated by a large height attribute of an IFRAME element rendered by Safari, aka "GDI Access Violation Vulnerability."
| [CVE-2011-4434] Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the SANDBOX_INERT and LOAD_IGNORE_CODE_AUTHZ_LEVEL flags.
| [CVE-2011-3417] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
| [CVE-2011-3416] The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote authenticated users to obtain access to arbitrary user accounts via a crafted username, aka "ASP.Net Forms Authentication Bypass Vulnerability."
| [CVE-2011-3415] Open redirect vulnerability in the Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted return URL, aka "Insecure Redirect in .NET Form Authentication Vulnerability."
| [CVE-2011-3414] The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."
| [CVE-2011-3413] Microsoft PowerPoint 2007 SP2
| [CVE-2011-3412] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
| [CVE-2011-3411] Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
| [CVE-2011-3410] Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
| [CVE-2011-3408] Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Privilege Elevation Vulnerability."
| [CVE-2011-3406] Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
| [CVE-2011-3403] Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
| [CVE-2011-3402] Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
| [CVE-2011-3400] Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
| [CVE-2011-3397] The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
| [CVE-2011-3396] Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
| [CVE-2011-2019] Untrusted search path vulnerability in Microsoft Internet Explorer 9 on Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an HTML file, aka "Internet Explorer Insecure Library Loading Vulnerability."
| [CVE-2011-2018] The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, and Windows 7 Gold and SP1 does not properly initialize objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2011-2016] Untrusted search path vulnerability in Windows Mail and Windows Meeting Space in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .eml or .wcinv file, aka "Windows Mail Insecure Library Loading Vulnerability."
| [CVE-2011-2014] The LDAP over SSL (aka LDAPS) implementation in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not examine Certificate Revocation Lists (CRLs), which allows remote authenticated users to bypass intended certificate restrictions and access Active Directory resources by leveraging a revoked X.509 certificate for a domain account, aka "LDAPS Authentication Bypass Vulnerability."
| [CVE-2011-2013] Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
| [CVE-2011-2011] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
| [CVE-2011-2008] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Access of Unallocated Memory DoS Vulnerability."
| [CVE-2011-2007] Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and 2010 allows remote attackers to cause a denial of service (SNA Server service outage) via crafted TCP or UDP traffic, aka "Endless Loop DoS in snabase.exe Vulnerability."
| [CVE-2011-2005] afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
| [CVE-2011-2004] Array index error in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a crafted TrueType font file, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2011-3402.
| [CVE-2011-2003] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .fon file, aka "Font Library File Buffer Overrun Vulnerability."
| [CVE-2011-2002] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle TrueType fonts, which allows local users to cause a denial of service (system hang) via a crafted font file, aka "Win32k TrueType Font Type Translation Vulnerability."
| [CVE-2011-1991] Multiple untrusted search path vulnerabilities in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .rtf, or .txt file, related to (1) deskpan.dll in the Display Panning CPL Extension, (2) EAPHost Authenticator Service, (3) Folder Redirection, (4) HyperTerminal, (5) the Japanese Input Method Editor (IME), and (6) Microsoft Management Console (MMC), aka "Windows Components Insecure Library Loading Vulnerability."
| [CVE-2011-1990] Microsoft Excel 2007 SP2
| [CVE-2011-1989] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1988] Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1987] Array index error in Microsoft Excel 2003 SP3 and 2007 SP2
| [CVE-2011-1986] Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Use after Free WriteAV Vulnerability."
| [CVE-2011-1985] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
| [CVE-2011-1984] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
| [CVE-2011-1983] Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, Office 2010 Gold and SP1, and Office for Mac 2011 allows remote attackers to execute arbitrary code via a crafted Word document, aka "Word Use After Free Vulnerability."
| [CVE-2011-1982] Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize an unspecified object pointer during the opening of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Office Uninitialized Object Pointer Vulnerability."
| [CVE-2011-1980] Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
14191| [CVE-2011-1979] Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
14192| [CVE-2011-1978] Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly validate the System.Net.Sockets trust level, which allows remote attackers to obtain sensitive information or trigger arbitrary outbound network traffic via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Socket Restriction Bypass Vulnerability."
14193| [CVE-2011-1976] Cross-site scripting (XSS) vulnerability in the Report Viewer Control in Microsoft Visual Studio 2005 SP1 and Report Viewer 2005 SP1 allows remote attackers to inject arbitrary web script or HTML via a parameter in a data source, aka "Report Viewer Controls XSS Vulnerability."
14194| [CVE-2011-1975] Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
14195| [CVE-2011-1974] NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
14196| [CVE-2011-1972] Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
14197| [CVE-2011-1971] The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse file metadata, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Metadata Parsing DOS Vulnerability."
14198| [CVE-2011-1970] The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server 2008 SP2, R2, and R2 SP1 does not properly initialize memory, which allows remote attackers to cause a denial of service (service outage) via a query for a nonexistent domain, aka "DNS Uninitialized Memory Corruption Vulnerability."
14199| [CVE-2011-1968] The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly process packets in memory, which allows remote attackers to cause a denial of service (reboot) by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, as exploited in the wild in 2011, aka "Remote Desktop Protocol Vulnerability."
14200| [CVE-2011-1967] Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly check permissions for sending inter-process device-event messages from low-integrity processes to high-integrity processes, which allows local users to gain privileges via a crafted application, aka "CSRSS Vulnerability."
14201| [CVE-2011-1966] The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
14202| [CVE-2011-1965] Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 does not properly implement URL-based QoS, which allows remote attackers to cause a denial of service (reboot) via a crafted URL to a web server, aka "TCP/IP QOS Denial of Service Vulnerability."
14203| [CVE-2011-1894] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for embedded content in an HTML document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted EMBED element in a web page that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
14204| [CVE-2011-1893] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010, Windows SharePoint Services 2.0 and 3.0 SP2, and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "SharePoint XSS Vulnerability."
14205| [CVE-2011-1892] Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and SP1, Office Forms Server 2007 SP2, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Office Groove Data Bridge Server 2007 SP2, Office Groove Management Server 2007 SP2, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, and Office Web Apps 2010 Gold and SP1 do not properly handle Web Parts containing XML classes referencing external entities, which allows remote authenticated users to read arbitrary files via a crafted XML and XSL file, aka "SharePoint Remote File Disclosure Vulnerability."
14206| [CVE-2011-1888] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
14207| [CVE-2011-1887] win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
14208| [CVE-2011-1885] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
14209| [CVE-2011-1884] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
14210| [CVE-2011-1883] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
14211| [CVE-2011-1882] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
14212| [CVE-2011-1881] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
14213| [CVE-2011-1880] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Null Pointer De-reference Vulnerability."
14214| [CVE-2011-1879] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
14215| [CVE-2011-1878] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
14216| [CVE-2011-1877] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, aka "Win32k Use After Free Vulnerability."
14217| [CVE-2011-1876] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
14218| [CVE-2011-1875] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
14219| [CVE-2011-1874] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other CVEs listed in MS11-054, aka "Win32k Use After Free Vulnerability."
14220| [CVE-2011-1873] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
14221| [CVE-2011-1872] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
14222| [CVE-2011-1871] Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (reboot) via a series of crafted ICMP messages, aka "ICMP Denial of Service Vulnerability."
14223| [CVE-2011-1870] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutputString Vulnerability."
14224| [CVE-2011-1869] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote DFS servers to cause a denial of service (system hang) via a crafted referral response, aka "DFS Referral Response Vulnerability."
14225| [CVE-2011-1868] The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
14226| [CVE-2011-1508] Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly manage memory allocations for function pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted Publisher file, aka "Publisher Function Pointer Overwrite Vulnerability."
14227| [CVE-2011-1284] Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvWriteConsoleOutput Vulnerability."
14228| [CVE-2011-1283] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 does not ensure that an unspecified array index has a non-negative value before performing read and write operations, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleNumberOfCommand Vulnerability."
14229| [CVE-2011-1282] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly initialize memory and consequently uses a NULL pointer in an unspecified function call, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP SrvSetConsoleLocalEUDC Vulnerability."
14230| [CVE-2011-1281] The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly restrict the number of console objects for a process, which allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted application that triggers an incorrect memory assignment for a user transaction, aka "CSRSS Local EOP AllocConsole Vulnerability."
14231| [CVE-2011-1280] The XML Editor in Microsoft InfoPath 2007 SP2 and 2010
14232| [CVE-2011-1279] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Out of Bounds WriteAV Vulnerability."
14233| [CVE-2011-1278] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel WriteAV Vulnerability."
14234| [CVE-2011-1277] Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information during parsing of Excel spreadsheets, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted spreadsheet, aka "Excel Memory Corruption Vulnerability."
14235| [CVE-2011-1276] Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
14236| [CVE-2011-1275] Microsoft Excel 2002 SP3
14237| [CVE-2011-1274] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
14238| [CVE-2011-1273] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
14239| [CVE-2011-1272] Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
14240| [CVE-2011-1270] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Presentation Buffer Overrun RCE Vulnerability."
14241| [CVE-2011-1269] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
14242| [CVE-2011-1268] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Response Parsing Vulnerability."
14243| [CVE-2011-1267] The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 request, aka "SMB Request Parsing Vulnerability."
14244| [CVE-2011-1264] Cross-site scripting (XSS) vulnerability in Active Directory Certificate Services Web Enrollment in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "Active Directory Certificate Services Vulnerability."
14245| [CVE-2011-1263] Cross-site scripting (XSS) vulnerability in the logon page in Remote Desktop Web Access (RD Web Access) in Microsoft Windows Server 2008 R2 and R2 SP1 allows remote attackers to inject arbitrary web script or HTML via the URI, aka "Remote Desktop Web Access Vulnerability."
14246| [CVE-2011-1253] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and Silverlight 4 before 4.0.60831, does not properly restrict inheritance, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Class Inheritance Vulnerability."
14247| [CVE-2011-1252] Cross-site scripting (XSS) vulnerability in the SafeHTML function in the toStaticHTML API in Microsoft Internet Explorer 7 and 8, Office SharePoint Server 2007 SP2, Office SharePoint Server 2010 Gold and SP1, Groove Server 2010 Gold and SP1, Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified strings, aka "toStaticHTML Information Disclosure Vulnerability" or "HTML Sanitization Vulnerability."
14248| [CVE-2011-1249] The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
14249| [CVE-2011-1248] WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, R2, and R2 SP1 does not properly handle socket send exceptions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted packets, related to unintended stack-frame values and buffer passing, aka "WINS Service Failed Response Vulnerability."
14250| [CVE-2011-1247] Untrusted search path vulnerability in the Microsoft Active Accessibility component in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Active Accessibility Insecure Library Loading Vulnerability."
14251| [CVE-2011-1242] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
14252| [CVE-2011-1241] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
14253| [CVE-2011-1240] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
14254| [CVE-2011-1239] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
14255| [CVE-2011-1238] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
14256| [CVE-2011-1237] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
14257| [CVE-2011-1236] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
14258| [CVE-2011-1235] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
14259| [CVE-2011-1234] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
14260| [CVE-2011-1233] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
14261| [CVE-2011-1232] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
14262| [CVE-2011-1231] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
14263| [CVE-2011-1230] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
14264| [CVE-2011-1229] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
14265| [CVE-2011-1228] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
14266| [CVE-2011-1227] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
14267| [CVE-2011-1226] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
14268| [CVE-2011-1225] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
14269| [CVE-2011-0980] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse Office Art objects, which allows remote attackers to execute arbitrary code via vectors related to a function pointer, aka "Excel Dangling Pointer Vulnerability."
14270| [CVE-2011-0979] Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
14271| [CVE-2011-0978] Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2
14272| [CVE-2011-0977] Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via malformed shape data in the Office drawing file format, aka "Microsoft Office Graphic Object Dereferencing Vulnerability."
14273| [CVE-2011-0976] Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2
14274| [CVE-2011-0677] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
14275| [CVE-2011-0676] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, a different vulnerability than other "Vulnerability Type 2" CVEs listed in MS11-034, aka "Win32k Null Pointer De-reference Vulnerability."
14276| [CVE-2011-0675] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
14277| [CVE-2011-0674] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
14278| [CVE-2011-0672] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
14279| [CVE-2011-0671] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
14280| [CVE-2011-0670] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
14281| [CVE-2011-0667] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
14282| [CVE-2011-0666] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
14283| [CVE-2011-0665] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
14284| [CVE-2011-0664] Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and 4.0, and Silverlight 4 before 4.0.60531.0, does not properly validate arguments to unspecified networking API functions, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, (3) a crafted .NET Framework application, or (4) a crafted Silverlight application, aka ".NET Framework Array Offset Vulnerability."
14285| [CVE-2011-0662] Use-after-free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows local users to gain privileges via a crafted application that leverages incorrect driver object management, a different vulnerability than other "Vulnerability Type 1" CVEs listed in MS11-034, aka "Win32k Use After Free Vulnerability."
14286| [CVE-2011-0661] The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate fields in SMB requests, which allows remote attackers to execute arbitrary code via a malformed request in a (1) SMBv1 or (2) SMBv2 packet, aka "SMB Transaction Parsing Vulnerability."
14287| [CVE-2011-0660] The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote SMB servers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Response Parsing Vulnerability."
14288| [CVE-2011-0658] Integer underflow in the OLE Automation protocol implementation in VBScript.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted WMF file, aka "OLE Automation Underflow Vulnerability."
14289| [CVE-2011-0657] DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process DNS queries, which allows remote attackers to execute arbitrary code via (1) a crafted LLMNR broadcast query or (2) a crafted application, aka "DNS Query Vulnerability."
14290| [CVE-2011-0656] Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010
14291| [CVE-2011-0655] Microsoft PowerPoint 2007 SP2 and 2010
14292| [CVE-2011-0654] Integer underflow in the BowserWriteErrorLogEntry function in the Common Internet File System (CIFS) browser service in Mrxsmb.sys or bowser.sys in Active Directory in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a malformed BROWSER ELECTION message, leading to a heap-based buffer overflow, aka "Browser Pool Corruption Vulnerability." NOTE: some of these details are obtained from third party information.
14293| [CVE-2011-0107] Untrusted search path vulnerability in Microsoft Office XP SP3, Office 2003 SP3, and Office 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .docx file, aka "Office Component Insecure Library Loading Vulnerability."
14294| [CVE-2011-0105] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
14295| [CVE-2011-0104] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HLink record in an Excel file, aka "Excel Buffer Overwrite Vulnerability."
14296| [CVE-2011-0103] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted record information in an Excel file, aka "Excel Memory Corruption Vulnerability."
14297| [CVE-2011-0101] Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted RealTimeData record, related to a stTopic field, doubly-byte characters, and an incorrect pointer calculation, aka "Excel Record Parsing WriteAV Vulnerability."
14298| [CVE-2011-0098] Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
14299| [CVE-2011-0097] Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010
14300| [CVE-2011-0096] The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly handle a MIME format in a request for content blocks in a document, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site that is visited in Internet Explorer, aka "MHTML Mime-Formatted Request Vulnerability."
14301| [CVE-2011-0093] ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a file containing a malformed structure, aka "Visio Data Type Memory Corruption Vulnerability."
14302| [CVE-2011-0092] The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed VisioDocument stream that triggers an exception handler that accesses an object that has not been fully initialized, which triggers memory corruption, aka "Visio Object Memory Corruption Vulnerability."
14303| [CVE-2011-0091] Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not prevent a session from changing from strong encryption to DES encryption, which allows man-in-the-middle attackers to spoof network traffic and obtain sensitive information via a DES downgrade, aka "Kerberos Spoofing Vulnerability."
14304| [CVE-2011-0090] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
14305| [CVE-2011-0089] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Improper Pointer Validation Vulnerability."
14306| [CVE-2011-0088] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Window Class Pointer Confusion Vulnerability."
14307| [CVE-2011-0087] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient User Input Validation Vulnerability."
14308| [CVE-2011-0086] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Improper User Input Validation Vulnerability."
14309| [CVE-2011-0043] Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 supports weak hashing algorithms, which allows local users to gain privileges by operating a service that sends crafted service tickets, as demonstrated by the CRC32 algorithm, aka "Kerberos Unkeyed Checksum Vulnerability."
14310| [CVE-2011-0042] SBE.dll in the Stream Buffer Engine in Windows Media Player and Windows Media Center in Microsoft Windows XP SP2 and SP3, Windows XP Media Center Edition 2005 SP3, Windows Vista SP1 and SP2, Windows 7 Gold and SP1, and Windows Media Center TV Pack for Windows Vista does not properly parse Digital Video Recording (.dvr-ms) files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DVR-MS Vulnerability."
14311| [CVE-2011-0041] Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted EMF image, aka "GDI+ Integer Overflow Vulnerability."
14312| [CVE-2011-0040] The server in Microsoft Active Directory on Windows Server 2003 SP2 does not properly handle an update request for a service principal name (SPN), which allows remote attackers to cause a denial of service (authentication downgrade or outage) via a crafted request that triggers name collisions, aka "Active Directory SPN Validation Vulnerability."
14313| [CVE-2011-0039] The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation Vulnerability."
14314| [CVE-2011-0034] Stack-based buffer overflow in the OpenType Compact Font Format (aka OTF or CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted parameter values in an OpenType font, aka "OpenType Font Stack Overflow Vulnerability."
14315| [CVE-2011-0033] The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate parameter values in OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted font, aka "OpenType Font Encoded Character Vulnerability."
14316| [CVE-2011-0032] Untrusted search path vulnerability in DirectShow in Microsoft Windows Vista SP1 and SP2, Windows 7 Gold and SP1, Windows Server 2008 R2 and R2 SP1, and Windows Media Center TV Pack for Windows Vista allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Digital Video Recording (.dvr-ms), Windows Recorded TV Show (.wtv), or .mpg file, aka "DirectShow Insecure Library Loading Vulnerability."
14317| [CVE-2011-0031] The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, aka "Scripting Engines Information Disclosure Vulnerability."
14318| [CVE-2011-0030] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Elevation of Privilege Vulnerability," a different vulnerability than CVE-2010-0023.
14319| [CVE-2011-0028] WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse fields in Word documents, which allows remote attackers to execute arbitrary code via a crafted .doc file, aka "WordPad Converter Parsing Vulnerability."
14320| [CVE-2010-5082] Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in the Color Control Panel in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges via a Trojan horse sti.dll file in the current working directory, as demonstrated by a directory that contains a .camp, .cdmp, .gmmp, .icc, or .icm file, aka "Color Control Panel Insecure Library Loading Vulnerability."
14321| [CVE-2010-4701] Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Edition SP2, and Windows 7 Professional allows remote attackers to execute arbitrary code via a long record in a Fax Cover Page (.cov) file. NOTE: some of these details are obtained from third party information.
14322| [CVE-2010-4669] The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Microsoft Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 allows remote attackers to cause a denial of service (CPU consumption and system hang) by sending many Router Advertisement (RA) messages with different source addresses, as demonstrated by the flood_router6 program in the thc-ipv6 package.
14323| [CVE-2010-4562] Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a typo, some sources map CVE-2010-4562 to a ProFTPd mod_sql vulnerability, but that issue is covered by CVE-2010-4652.
14324| [CVE-2010-4398] Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges, and bypass the User Account Control (UAC) feature, via a crafted REG_BINARY value for a SystemDefaultEUDCFont registry key, aka "Driver Improper Interaction with Windows Kernel Vulnerability."
14325| [CVE-2010-4182] Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown
14326| [CVE-2010-3974] fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly parse FAX cover pages, which allows remote attackers to execute arbitrary code via a crafted .cov file, aka "Fax Cover Page Editor Memory Corruption Vulnerability."
14327| [CVE-2010-3970] Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
14328| [CVE-2010-3966] Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
14329| [CVE-2010-3965] Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
14330| [CVE-2010-3964] Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."
14331| [CVE-2010-3963] Buffer overflow in the Routing and Remote Access NDProxy component in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, related to the Routing and Remote Access service (RRAS) and improper copying from user mode to the kernel, aka "Kernel NDProxy Buffer Overflow Vulnerability."
14332| [CVE-2010-3961] The Consent User Interface (UI) in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle an unspecified registry-key value, which allows local users with SeImpersonatePrivilege rights to gain privileges via a crafted application, aka "Consent UI Impersonation Vulnerability."
14333| [CVE-2010-3960] Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows guest OS users to cause a denial of service (host OS hang) by sending a crafted encapsulated packet over the VMBus, aka "Hyper-V VMBus Vulnerability."
14334| [CVE-2010-3959] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted CMAP table in an OpenType font, aka "OpenType CMAP Table Vulnerability."
14335| [CVE-2010-3958] The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
14336| [CVE-2010-3957] Double free vulnerability in the OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Double Free Vulnerability."
14337| [CVE-2010-3956] The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
14338| [CVE-2010-3955] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
14339| [CVE-2010-3954] Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
14340| [CVE-2010-3946] Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
14341| [CVE-2010-3945] Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
14342| [CVE-2010-3944] win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
14343| [CVE-2010-3943] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly link driver objects, which allows local users to gain privileges via a crafted application that triggers linked-list corruption, aka "Win32k Cursor Linking Vulnerability."
14344| [CVE-2010-3942] win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for copies from user mode, which allows local users to gain privileges via a crafted application, aka "Win32k WriteAV Vulnerability."
14345| [CVE-2010-3941] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold and SP2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k Double Free Vulnerability."
14346| [CVE-2010-3940] Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a crafted application, aka "Win32k PFE Pointer Double Free Vulnerability."
14347| [CVE-2010-3939] Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via vectors related to improper memory allocation for copies from user mode, aka "Win32k Buffer Overflow Vulnerability."
14348| [CVE-2010-3937] Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."
14349| [CVE-2010-3338] The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the security context of scheduled tasks, which allows local users to gain privileges via a crafted application, aka "Task Scheduler Vulnerability." NOTE: this might overlap CVE-2010-3888.
14350| [CVE-2010-3337] Untrusted search path vulnerability in Microsoft Office 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "Insecure Library Loading Vulnerability." NOTE: this might overlap CVE-2010-3141 and CVE-2010-3142.
14351| [CVE-2010-3336] Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."
14352| [CVE-2010-3335] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "Drawing Exception Handling Vulnerability."
14353| [CVE-2010-3334] Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via an Office document containing an Office Art Drawing record with crafted msofbtSp records and unspecified flags, which triggers memory corruption, aka "Office Art Drawing Records Vulnerability."
14354| [CVE-2010-3333] Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
14355| [CVE-2010-3332] Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, 3.5.1, and 4.0, as used for ASP.NET in Microsoft Internet Information Services (IIS), provides detailed error codes during decryption attempts, which allows remote attackers to decrypt and modify encrypted View State (aka __VIEWSTATE) form data, and possibly forge cookies or read application files, via a padding oracle attack, aka "ASP.NET Padding Oracle Vulnerability."
14356| [CVE-2010-3324] The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
14357| [CVE-2010-3243] Cross-site scripting (XSS) vulnerability in the toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2 and Office SharePoint Server 2007 SP2, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "HTML Sanitization Vulnerability."
14358| [CVE-2010-3242] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Ghost Record Type Parsing Vulnerability."
14359| [CVE-2010-3241] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out-of-Bounds Memory Write in Parsing Vulnerability."
14360| [CVE-2010-3240] Microsoft Excel 2002 SP3 and 2007 SP2
14361| [CVE-2010-3239] Microsoft Excel 2002 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Extra Out of Boundary Record Parsing Vulnerability."
14362| [CVE-2010-3238] Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does not properly validate binary file-format information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Negative Future Function Vulnerability."
14363| [CVE-2010-3237] Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Merge Cell Record Pointer Vulnerability."
14364| [CVE-2010-3236] Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Out Of Bounds Array Vulnerability."
14365| [CVE-2010-3235] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Biff Record Vulnerability."
14366| [CVE-2010-3234] Microsoft Excel 2002 SP3 does not properly validate formula information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Formula Substream Memory Corruption Vulnerability."
14367| [CVE-2010-3233] Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted .wk3 (aka Lotus 1-2-3 workbook) file, aka "Lotus 1-2-3 Workbook Parsing Vulnerability."
14368| [CVE-2010-3232] Microsoft Excel 2003 SP3 and 2007 SP2
14369| [CVE-2010-3231] Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly validate record information, which allows remote attackers to execute arbitrary code via a crafted Excel document, aka "Excel Record Parsing Memory Corruption Vulnerability."
14370| [CVE-2010-3230] Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel document with crafted record information, aka "Excel Record Parsing Integer Overflow Vulnerability."
14371| [CVE-2010-3229] The Secure Channel (aka SChannel) security package in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when IIS 7.x is used, does not properly process client certificates during SSL and TLS handshakes, which allows remote attackers to cause a denial of service (LSASS outage and reboot) via a crafted packet, aka "TLSv1 Denial of Service Vulnerability."
14372| [CVE-2010-3227] Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
14373| [CVE-2010-3223] The user interface in Microsoft Cluster Service (MSCS) in Microsoft Windows Server 2008 R2 does not properly set administrative-share permissions for new cluster disks that are shared as part of a failover cluster, which allows remote attackers to read or modify data on these disks via requests to the associated share, aka "Permissions on New Cluster Disks Vulnerability."
14374| [CVE-2010-3222] Stack-based buffer overflow in the Remote Procedure Call Subsystem (RPCSS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted LPC message that requests an LRPC connection from an LPC server to a client, aka "LPC Message Buffer Overrun Vulnerability."
14375| [CVE-2010-3221] Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word Viewer do not properly handle a malformed record during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Parsing Vulnerability."
14376| [CVE-2010-3220] Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Parsing Vulnerability."
14377| [CVE-2010-3219] Array index vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Parsing Vulnerability."
14378| [CVE-2010-3218] Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via malformed records in a Word document, aka "Word Heap Overflow Vulnerability."
14379| [CVE-2010-3217] Double free vulnerability in Microsoft Word 2002 SP3 allows remote attackers to execute arbitrary code via a Word document with crafted List Format Override (LFO) records, aka "Word Pointer Vulnerability."
14380| [CVE-2010-3216] Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a crafted Word document containing bookmarks that trigger use of an invalid pointer and memory corruption, aka "Word Bookmarks Vulnerability."
14381| [CVE-2010-3215] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle unspecified return values during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Return Value Vulnerability."
14382| [CVE-2010-3214] Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 SP2, and 2010
14383| [CVE-2010-3213] Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook Web Access (owa/ev.owa) 2007 through SP2 allows remote attackers to hijack the authentication of e-mail users for requests that perform Outlook requests, as demonstrated by setting the auto-forward rule.
14384| [CVE-2010-3200] MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote attackers to cause a denial of service (NULL pointer dereference and multiple-instance application crash) via a crafted buffer in a Word document, as demonstrated by word_crash_11.8326.8324_poc.doc.
14385| [CVE-2010-3190] Untrusted search path vulnerability in the Microsoft Foundation Class (MFC) Library in Microsoft Visual Studio .NET 2003 SP1
14386| [CVE-2010-3148] Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
14387| [CVE-2010-3147] Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
14388| [CVE-2010-3146] Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
14389| [CVE-2010-3144] Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
14390| [CVE-2010-3142] Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
14391| [CVE-2010-2750] Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Word document that triggers memory corruption, aka "Word Index Vulnerability."
14392| [CVE-2010-2748] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check an unspecified boundary during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Boundary Check Vulnerability."
14393| [CVE-2010-2747] Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle an uninitialized pointer during parsing of a Word document, which allows remote attackers to execute arbitrary code via a crafted document that triggers memory corruption, aka "Word Uninitialized Pointer Vulnerability."
14394| [CVE-2010-2746] Heap-based buffer overflow in Comctl32.dll (aka the common control library) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when a third-party SVG viewer is used, allows remote attackers to execute arbitrary code via a crafted HTML document that triggers unspecified messages from this viewer, aka "Comctl32 Heap Overflow Vulnerability."
14395| [CVE-2010-2744] The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
14396| [CVE-2010-2742] The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, and R2, when the domain controller role is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and reboot) via a crafted RPC packet, aka "Netlogon RPC Null dereference DOS Vulnerability."
14397| [CVE-2010-2741] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 performs an incorrect integer calculation during font processing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Validation Vulnerability."
14398| [CVE-2010-2740] The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly perform memory allocation during font parsing, which allows local users to gain privileges via a crafted application, aka "OpenType Font Parsing Vulnerability."
14399| [CVE-2010-2739] Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard operation (GetClipboardData API function) with a crafted bitmap with a palette that contains a large number of colors.
14400| [CVE-2010-2738] The Uniscribe (aka new Unicode Script Processor) implementation in USP10.DLL in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2, and Microsoft Office XP SP3, 2003 SP3, and 2007 SP2, does not properly validate tables associated with malformed OpenType fonts, which allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) Office document, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
14401| [CVE-2010-2729] The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, when printer sharing is enabled, does not properly validate spooler access permissions, which allows remote attackers to create files in a system directory, and consequently execute arbitrary code, by sending a crafted print request over RPC, as exploited in the wild in September 2010, aka "Print Spooler Service Impersonation Vulnerability."
14402| [CVE-2010-2728] Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, and 2007 SP2, when Online Mode for an Exchange Server is enabled, allows remote attackers to execute arbitrary code via a crafted e-mail message, aka "Heap Based Buffer Overflow in Outlook Vulnerability."
14403| [CVE-2010-2573] Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, PowerPoint Viewer SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Integer Underflow Causes Heap Corruption Vulnerability."
14404| [CVE-2010-2572] Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint 95 document, aka "PowerPoint Parsing Buffer Overflow Vulnerability."
14405| [CVE-2010-2571] Array index error in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher 97 file, aka "Memory Corruption Due To Invalid Index Into Array in Pubconv.dll Vulnerability."
14406| [CVE-2010-2570] Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, 2007 SP2, and 2010 allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Heap Overrun in pubconv.dll Vulnerability."
14407| [CVE-2010-2569] pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3, 2003 SP3, and 2007 SP2 does not properly handle an unspecified size field in certain older file formats, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted Publisher file, aka "Size Value Heap Corruption in pubconv.dll Vulnerability."
14408| [CVE-2010-2568] Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
14409| [CVE-2010-2567] The RPC client implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly allocate memory during the parsing of responses, which allows remote RPC servers and man-in-the-middle attackers to execute arbitrary code via a malformed response, aka "RPC Memory Corruption Vulnerability."
14410| [CVE-2010-2566] The Secure Channel (aka SChannel) security package in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, does not properly validate certificate request messages from TLS and SSL servers, which allows remote servers to execute arbitrary code via a crafted SSL response, aka "SChannel Malformed Certificate Request Remote Code Execution Vulnerability."
14411| [CVE-2010-2563] The Word 97 text converter in the WordPad Text Converters in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly parse malformed structures in Word 97 documents, which allows remote attackers to execute arbitrary code via a crafted document containing an unspecified value that is used in a loop counter, aka "WordPad Word 97 Text Converter Memory Corruption Vulnerability."
14412| [CVE-2010-2562] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Excel file, aka "Excel Memory Corruption Vulnerability."
14413| [CVE-2010-2555] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly determine the length of strings in the registry, which allows local users to gain privileges or cause a denial of service (memory corruption) via vectors involving a long string, aka "Tracing Memory Corruption Vulnerability."
14414| [CVE-2010-2554] The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
14415| [CVE-2010-2552] Stack consumption vulnerability in the SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (system hang) via a malformed SMBv2 compounded request, aka "SMB Stack Exhaustion Vulnerability."
14416| [CVE-2010-2551] The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate an internal variable in an SMB packet, which allows remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 packet, aka "SMB Variable Validation Vulnerability."
14417| [CVE-2010-2550] The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
14418| [CVE-2010-2549] Use-after-free vulnerability in the kernel-mode drivers in Microsoft Windows Vista SP1 and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges or cause a denial of service (system crash) by using a large number of calls to the NtUserCheckAccessForIntegrityLevel function to trigger a failure in the LockProcessByClientId function, leading to deletion of an in-use process object, aka "Win32k Reference Count Vulnerability."
14419| [CVE-2010-2265] Cross-site scripting (XSS) vulnerability in the GetServerName function in sysinfo/commonFunc.js in Microsoft Windows Help and Support Center for Windows XP and Windows Server 2003 allows remote attackers to inject arbitrary web script or HTML via the svr parameter to sysinfo/sysinfomain.htm. NOTE: this can be leveraged with CVE-2010-1885 to execute arbitrary commands without user interaction.
14420| [CVE-2010-2091] Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
14421| [CVE-2010-2084] Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to an attribute.
14422| [CVE-2010-1903] Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed record in a Word file, aka "Word HTML Linked Objects Memory Corruption Vulnerability."
14423| [CVE-2010-1902] Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
14424| [CVE-2010-1901] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
14425| [CVE-2010-1900] Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2
14426| [CVE-2010-1898] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, 2.0 SP2, 3.5, 3.5 SP1, and 3.5.1, and Microsoft Silverlight 2 and 3 before 3.0.50611.0 on Windows and before 3.0.41130.0 on Mac OS X, does not properly handle interfaces and delegations to virtual methods, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Virtual Method Delegate Vulnerability."
14427| [CVE-2010-1897] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
14428| [CVE-2010-1896] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 do not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k User Input Validation Vulnerability."
14429| [CVE-2010-1895] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly perform memory allocation before copying user-mode data to kernel mode, which allows local users to gain privileges via a crafted application, aka "Win32k Pool Overflow Vulnerability."
14430| [CVE-2010-1894] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, and Windows Server 2003 SP2, do not properly handle unspecified exceptions, which allows local users to gain privileges via a crafted application, aka "Win32k Exception Handling Vulnerability."
14431| [CVE-2010-1893] Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, Windows Server 2008 Gold and R2, and Windows 7 allows local users to gain privileges via a buffer of user-mode data that is copied to kernel mode, aka "Integer Overflow in Windows Networking Vulnerability."
14432| [CVE-2010-1892] The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly handle malformed IPv6 packets, which allows remote attackers to cause a denial of service (system hang) via multiple crafted packets, aka "IPv6 Memory Corruption Vulnerability."
14433| [CVE-2010-1891] The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2, when a Chinese, Japanese, or Korean locale is enabled, does not properly allocate memory for transactions, which allows local users to gain privileges via a crafted application, aka "CSRSS Local Elevation of Privilege Vulnerability."
14434| [CVE-2010-1890] The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate ACLs on kernel objects, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Improper Validation Vulnerability."
14435| [CVE-2010-1889] Double free vulnerability in the kernel in Microsoft Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2, allows local users to gain privileges via a crafted application, related to object initialization during error handling, aka "Windows Kernel Double Free Vulnerability."
14436| [CVE-2010-1887] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate an unspecified system-call argument, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Win32k Bounds Checking Vulnerability."
14437| [CVE-2010-1886] Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes, and related to the Windows Service Isolation feature. NOTE: the vendor states that privilege escalation from NetworkService to LocalSystem does not cross a "security boundary."
14438| [CVE-2010-1885] The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
14439| [CVE-2010-1883] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted table in an embedded font, aka "Embedded OpenType Font Integer Overflow Vulnerability."
14440| [CVE-2010-1882] Multiple buffer overflows in the MPEG Layer-3 Audio Codec for Microsoft DirectShow in l3codecx.ax in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote attackers to execute arbitrary code via an MPEG Layer-3 audio stream in (1) a crafted media file or (2) crafted streaming content, aka "MPEG Layer-3 Audio Decoder Buffer Overflow Vulnerability."
14441| [CVE-2010-1881] The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability."
14442| [CVE-2010-1880] Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1, and Server 2008 allows remote attackers to execute arbitrary code via a media file with crafted compression data, aka "MJPEG Media Decompression Vulnerability."
14443| [CVE-2010-1735] The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x4c value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
14444| [CVE-2010-1734] The SfnINSTRING function in win32k.sys in the kernel in Microsoft Windows 2000, XP, and Server 2003 allows local users to cause a denial of service (system crash) via a 0x18d value in the second argument (aka the Msg argument) of a PostMessage function call for the DDEMLEvent window.
14445| [CVE-2010-1690] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 does not verify that transaction IDs of responses match transaction IDs of queries, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
14446| [CVE-2010-1689] The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in Microsoft Windows 2000 SP4 and earlier, Windows XP SP3 and earlier, Windows Server 2003 SP2 and earlier, Windows Server 2008 SP2 and earlier, Windows Server 2008 R2, Exchange Server 2003 SP3 and earlier, Exchange Server 2007 SP2 and earlier, and Exchange Server 2010 uses predictable transaction IDs that are formed by incrementing a previous ID by 1, which makes it easier for man-in-the-middle attackers to spoof DNS responses, a different vulnerability than CVE-2010-0024 and CVE-2010-0025.
14447| [CVE-2010-1263] Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7
14448| [CVE-2010-1257] Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as used in Microsoft Office InfoPath 2003 SP3, 2007 SP1, and 2007 SP2
14449| [CVE-2010-1255] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 allows local users to execute arbitrary code via vectors related to "glyph outline information" and TrueType fonts, aka "Win32k TrueType Font Parsing Vulnerability."
14450| [CVE-2010-1253] Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2
14451| [CVE-2010-1252] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel String Variable Vulnerability."
14452| [CVE-2010-1251] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Excel file, aka "Excel Record Stack Corruption Vulnerability."
14453| [CVE-2010-1250] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with malformed (1) EDG (0x88) and (2) Publisher (0x89) records, aka "Excel EDG Memory Corruption Vulnerability."
14454| [CVE-2010-1249] Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed ExternName (0x23) record, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1247.
14455| [CVE-2010-1248] Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed HFPicture (0x866) record, aka "Excel HFPicture Memory Corruption Vulnerability."
14456| [CVE-2010-1247] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record that triggers heap corruption, aka "Excel Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0823 and CVE-2010-1249.
14457| [CVE-2010-1246] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows remote attackers to execute arbitrary code via an Excel file with a malformed RTD (0x813) record, aka "Excel RTD Memory Corruption Vulnerability."
14458| [CVE-2010-1245] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed SxView (0xB0) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0824 and CVE-2010-0821.
14459| [CVE-2010-1225] The memory-management implementation in the Virtual Machine Monitor (aka VMM or hypervisor) in Microsoft Virtual PC 2007 Gold and SP1, Virtual Server 2005 Gold and R2 SP1, and Windows Virtual PC does not properly restrict access from the guest OS to memory locations in the VMM work area, which allows context-dependent attackers to bypass certain anti-exploitation protection mechanisms on the guest OS via crafted input to a vulnerable application. NOTE: the vendor reportedly found that only systems with an otherwise vulnerable application are affected, because "the memory areas accessible from the guest cannot be leveraged to achieve either remote code execution or elevation of privilege and ... no data from the host is exposed to the guest OS."
14460| [CVE-2010-1175] Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
14461| [CVE-2010-0917] Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, might allow user-assisted remote attackers to execute arbitrary code via a long string in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution when the F1 key is pressed, a different vulnerability than CVE-2010-0483.
14462| [CVE-2010-0824] Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Excel file with a malformed WOPT (0x80B) record, aka "Excel Record Memory Corruption Vulnerability," a different vulnerability than CVE-2010-0821 and CVE-2010-1245.
14463| [CVE-2010-0823] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
14464| [CVE-2010-0822] Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for Mac, Office 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted OBJ (0x5D) record, aka "Excel Object Stack Overflow Vulnerability."
14465| [CVE-2010-0821] Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 SP3, 2007 SP1 and SP2
14466| [CVE-2010-0820] Heap-based buffer overflow in the Local Security Authority Subsystem Service (LSASS), as used in Active Directory in Microsoft Windows Server 2003 SP2 and Windows Server 2008 Gold, SP2, and R2
14467| [CVE-2010-0819] Unspecified vulnerability in the Windows OpenType Compact Font Format (CFF) driver in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users to execute arbitrary code via unknown vectors related to improper validation when copying data from user mode to kernel mode, aka "OpenType CFF Font Driver Memory Corruption Vulnerability."
14468| [CVE-2010-0818] The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 does not properly handle crafted media content with MPEG-4 video encoding, which allows remote attackers to execute arbitrary code via a file in an unspecified "supported format," aka "MPEG-4 Codec Vulnerability."
14469| [CVE-2010-0817] Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in Microsoft SharePoint Server 2007 12.0.0.6421 and possibly earlier, and SharePoint Services 3.0 SP1 and SP2, versions, allows remote attackers to inject arbitrary web script or HTML via the cid0 parameter.
14470| [CVE-2010-0815] VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls that are embedded in documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "VBE6.DLL Stack Memory Corruption Vulnerability."
14471| [CVE-2010-0814] The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability."
14472| [CVE-2010-0812] Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to bypass intended IPv4 source-address restrictions via a mismatched IPv6 source address in a tunneled ISATAP packet, aka "ISATAP IPv6 Source Address Spoofing Vulnerability."
14473| [CVE-2010-0811] Multiple unspecified vulnerabilities in the Microsoft Internet Explorer 8 Developer Tools ActiveX control in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allow remote attackers to execute arbitrary code via unknown vectors that "corrupt the system state," aka "Microsoft Internet Explorer 8 Developer Tools Vulnerability."
14474| [CVE-2010-0810] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, does not properly handle unspecified exceptions, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
14475| [CVE-2010-0719] An unspecified API in Microsoft Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, and Windows 7 does not validate arguments, which allows local users to cause a denial of service (system crash) via a crafted application.
14476| [CVE-2010-0487] The Authenticode Signature verification functionality in cabview.dll in Cabinet File Viewer Shell Extension 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows remote attackers to execute arbitrary code via a modified cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "Cabview Corruption Validation Vulnerability."
14477| [CVE-2010-0486] The WinVerifyTrust function in Authenticode Signature Verification 5.1, 6.0, and 6.1 in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly use unspecified fields in a file digest, which allows user-assisted remote attackers to execute arbitrary code via a modified (1) Portable Executable (PE) or (2) cabinet (aka .CAB) file that incorrectly appears to have a valid signature, aka "WinVerifyTrust Signature Validation Vulnerability."
14478| [CVE-2010-0485] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 Gold and SP2, Windows 7, and Server 2008 R2 "do not properly validate all callback parameters when creating a new window," which allows local users to execute arbitrary code, aka "Win32k Window Creation Vulnerability."
14479| [CVE-2010-0484] The Windows kernel-mode drivers in win32k.sys in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 "do not properly validate changes in certain kernel objects," which allows local users to execute arbitrary code via vectors related to Device Contexts (DC) and the GetDCEx function, aka "Win32k Improper Data Validation Vulnerability."
14480| [CVE-2010-0483] vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, when Internet Explorer is used, allows user-assisted remote attackers to execute arbitrary code by referencing a (1) local pathname, (2) UNC share pathname, or (3) WebDAV server with a crafted .hlp file in the fourth argument (aka helpfile argument) to the MsgBox function, leading to code execution involving winhlp32.exe when the F1 key is pressed, aka "VBScript Help Keypress Vulnerability."
14481| [CVE-2010-0482] The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate relocation sections of image files, which allows local users to cause a denial of service (reboot) via a crafted file, aka "Windows Kernel Malformed Image Vulnerability."
14482| [CVE-2010-0481] The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly translate a registry key's virtual path to its real path, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Virtual Path Parsing Vulnerability."
14483| [CVE-2010-0480] Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to execute arbitrary code via a crafted AVI file, aka "MPEG Layer-3 Audio Decoder Stack Overflow Vulnerability."
14484| [CVE-2010-0479] Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Publisher file, aka "Microsoft Office Publisher File Conversion TextBox Processing Buffer Overflow Vulnerability."
14485| [CVE-2010-0478] Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
14486| [CVE-2010-0477] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
14487| [CVE-2010-0476] The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
14488| [CVE-2010-0278] A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft Windows Live Messenger 2009 build 14.0.8089.726 on Windows Vista and Windows 7 allows remote attackers to cause a denial of service (msnmsgr.exe crash) by calling the ViewProfile method with a crafted argument during an MSN Messenger session.
14489| [CVE-2010-0270] The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
14490| [CVE-2010-0269] The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
14491| [CVE-2010-0268] Unspecified vulnerability in the Windows Media Player ActiveX control in Windows Media Player (WMP) 9 on Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows remote attackers to execute arbitrary code via crafted media content, aka "Media Player Remote Code Execution Vulnerability."
14492| [CVE-2010-0266] Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."
14493| [CVE-2010-0265] Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, and Microsoft Producer 2003, allows remote attackers to execute arbitrary code via a crafted project (.MSWMM) file, aka "Movie Maker and Producer Buffer Overflow Vulnerability."
14494| [CVE-2010-0264] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel DbOrParamQry Record Parsing Vulnerability."
14495| [CVE-2010-0263] Microsoft Office Excel 2007 SP1 and SP2
14496| [CVE-2010-0262] Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet that triggers access of an uninitialized stack variable, aka "Microsoft Office Excel FNGROUPNAME Record Uninitialized Memory Vulnerability."
14497| [CVE-2010-0261] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted spreadsheet in which "a MDXSET record is broken up into several records," aka "Microsoft Office Excel MDXSET Record Heap Overflow Vulnerability."
14498| [CVE-2010-0260] Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2
14499| [CVE-2010-0258] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
14500| [CVE-2010-0257] Microsoft Office Excel 2002 SP3 does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Microsoft Office Excel Record Memory Corruption Vulnerability."
14501| [CVE-2010-0256] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly calculate unspecified indexes associated with Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Index Calculation Memory Corruption Vulnerability."
14502| [CVE-2010-0254] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Visio Attribute Validation Memory Corruption Vulnerability."
14503| [CVE-2010-0252] The Microsoft Data Analyzer ActiveX control (aka the Office Excel ActiveX control for Data Analysis) in max3activex.dll in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to execute arbitrary code via a crafted web page that corrupts the "system state," aka "Microsoft Data Analyzer ActiveX Control Vulnerability."
14504| [CVE-2010-0250] Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used in the AVI Filter on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2, and in Quartz on Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, allows remote attackers to execute arbitrary code via an AVI file with a crafted length field in an unspecified video stream, which is not properly handled by the RLE video decompressor, aka "DirectShow Heap Overflow Vulnerability."
14505| [CVE-2010-0249] Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4
14506| [CVE-2010-0243] Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 for Mac allows remote attackers to execute arbitrary code via a crafted Office document, aka "MSO.DLL Buffer Overflow."
14507| [CVE-2010-0242] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to cause a denial of service (system hang) via crafted packets with malformed TCP selective acknowledgement (SACK) values, aka "TCP/IP Selective Acknowledgement Vulnerability."
14508| [CVE-2010-0241] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Route Information packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Route Information Vulnerability."
14509| [CVE-2010-0240] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when a custom network driver is used, does not properly handle local fragmentation of Encapsulating Security Payload (ESP) over UDP packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "Header MDL Fragmentation Vulnerability."
14510| [CVE-2010-0239] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2, when IPv6 is enabled, does not properly perform bounds checking on ICMPv6 Router Advertisement packets, which allows remote attackers to execute arbitrary code via crafted packets, aka "ICMPv6 Router Advertisement Vulnerability."
14511| [CVE-2010-0238] Unspecified vulnerability in registry-key validation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Registry Key Vulnerability."
14512| [CVE-2010-0237] The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows local users to gain privileges by creating a symbolic link from an untrusted registry hive to a trusted registry hive, aka "Windows Kernel Symbolic Link Creation Vulnerability."
14513| [CVE-2010-0236] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not properly allocate memory for the destination key associated with a symbolic-link registry key, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Allocation Vulnerability."
14514| [CVE-2010-0235] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Vista Gold does not perform the expected validation before creating a symbolic link, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Symbolic Link Value Vulnerability."
14515| [CVE-2010-0234] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate a registry-key argument to an unspecified system call, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Null Pointer Vulnerability."
14516| [CVE-2010-0233] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application, aka "Windows Kernel Double Free Vulnerability."
14517| [CVE-2010-0232] The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges by crafting a VDM_TIB data structure in the Thread Environment Block (TEB), and then calling the NtVdmControl function to start the Windows Virtual DOS Machine (aka NTVDM) subsystem, leading to improperly handled exceptions involving the #GP trap handler (nt!KiTrap0D), aka "Windows Kernel Exception Handler Vulnerability."
14518| [CVE-2010-0231] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not use a sufficient source of entropy, which allows remote attackers to obtain access to files and other SMB resources via a large number of authentication requests, related to server-generated challenges, certain "duplicate values," and spoofing of an authentication token, aka "SMB NTLM Authentication Lack of Entropy Vulnerability."
14519| [CVE-2010-0035] The Key Distribution Center (KDC) in Kerberos in Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2, when a trust relationship with a non-Windows Kerberos realm exists, allows remote authenticated users to cause a denial of service (NULL pointer dereference and domain controller outage) via a crafted Ticket Granting Ticket (TGT) renewal request, aka "Kerberos Null Pointer Dereference Vulnerability."
14520| [CVE-2010-0034] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
14521| [CVE-2010-0033] Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
14522| [CVE-2010-0032] Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
14523| [CVE-2010-0031] Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
14524| [CVE-2010-0030] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
14525| [CVE-2010-0029] Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
14526| [CVE-2010-0028] Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
14527| [CVE-2010-0027] The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
14528| [CVE-2010-0026] The Hyper-V server implementation in Microsoft Windows Server 2008 Gold, SP2, and R2 on the x64 platform allows guest OS users to cause a denial of service (host OS hang) via a crafted application that executes a malformed series of machine instructions, aka "Hyper-V Instruction Set Validation Vulnerability."
14529| [CVE-2010-0025] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2000 SP3, does not properly allocate memory for SMTP command replies, which allows remote attackers to read fragments of e-mail messages by sending a series of invalid commands and then sending a STARTTLS command, aka "SMTP Memory Allocation Vulnerability."
14530| [CVE-2010-0024] The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, and Server 2008 Gold, SP2, and R2, and Exchange Server 2003 SP2, does not properly parse MX records, which allows remote DNS servers to cause a denial of service (service outage) via a crafted response to a DNS MX record query, aka "SMTP Server MX Record Vulnerability."
14531| [CVE-2010-0023] The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly kill processes after a logout, which allows local users to obtain sensitive information or gain privileges via a crafted application that continues to execute throughout the logout of one user and the login session of the next user, aka "CSRSS Local Privilege Elevation Vulnerability."
14532| [CVE-2010-0022] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate the share and servername fields in SMB packets, which allows remote attackers to cause a denial of service (system hang) via a crafted packet, aka "SMB Null Pointer Vulnerability."
14533| [CVE-2010-0021] Multiple race conditions in the SMB implementation in the Server service in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allow remote attackers to cause a denial of service (system hang) via a crafted (1) SMBv1 or (2) SMBv2 Negotiate packet, aka "SMB Memory Corruption Vulnerability."
14534| [CVE-2010-0020] The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
14535| [CVE-2010-0018] Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4
14536| [CVE-2010-0017] Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
14537| [CVE-2010-0016] The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
14538| [CVE-2009-4313] ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
14539| [CVE-2009-4312] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Dave Lenoe of Adobe.
| [CVE-2009-4311] Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted media content, as reported to Microsoft by Paul Byrne of NGS Software. NOTE: this might overlap CVE-2008-3615.
| [CVE-2009-4310] Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
| [CVE-2009-4309] Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
| [CVE-2009-4210] The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted media content.
| [CVE-2009-3830] The download functionality in Team Services in Microsoft Office SharePoint Server 2007 12.0.0.4518 and 12.0.0.6219 allows remote attackers to read ASP.NET source code via pathnames in the SourceUrl and Source parameters to _layouts/download.aspx.
| [CVE-2009-3678] Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
| [CVE-2009-3677] The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
| [CVE-2009-3676] The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
| [CVE-2009-3675] LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote authenticated users to cause a denial of service (CPU consumption) via a malformed ISAKMP request over IPsec, aka "Local Security Authority Subsystem Service Resource Exhaustion Vulnerability."
| [CVE-2009-3450] Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are incompatible with an XSS protection mechanism provided by Microsoft ASP.NET.
| [CVE-2009-3135] Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
| [CVE-2009-3134] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3133] Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a spreadsheet containing a malformed object that triggers memory corruption, related to "loading Excel records," aka "Excel Document Parsing Memory Corruption Vulnerability."
| [CVE-2009-3132] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3131] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3130] Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a spreadsheet containing a malformed Binary File Format (aka BIFF) record that triggers memory corruption, aka "Excel Document Parsing Heap Overflow Vulnerability."
| [CVE-2009-3129] Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
| [CVE-2009-3128] Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer 2003 SP3, does not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel SxView Memory Corruption Vulnerability."
| [CVE-2009-3127] Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, and Office Excel Viewer 2003 SP3 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a crafted spreadsheet, aka "Excel Cache Memory Corruption Vulnerability."
| [CVE-2009-3126] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Integer Overflow Vulnerability."
| [CVE-2009-3103] Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
| [CVE-2009-3020] win32k.sys in Microsoft Windows Server 2003 SP2 allows remote attackers to cause a denial of service (system crash) by referencing a crafted .eot file in the src descriptor of an @font-face Cascading Style Sheets (CSS) rule in an HTML document, possibly related to the Embedded OpenType (EOT) Font Engine, a different vulnerability than CVE-2006-0010, CVE-2009-0231, and CVE-2009-0232. NOTE: some of these details are obtained from third party information.
| [CVE-2009-2653] ** DISPUTED ** The NtUserConsoleControl function in win32k.sys in Microsoft Windows XP SP2 and SP3, and Server 2003 before SP1, allows local administrators to bypass unspecified "security software" and gain privileges via a crafted call that triggers an overwrite of an arbitrary memory location. NOTE: the vendor disputes the significance of this report, stating that 'the Administrator to SYSTEM "escalation" is not a security boundary we defend.'
| [CVE-2009-2532] Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC do not properly process the command value in an SMB Multi-Protocol Negotiate Request packet, which allows remote attackers to execute arbitrary code via a crafted SMBv2 packet to the Server service, aka "SMBv2 Command Value Vulnerability."
| [CVE-2009-2526] Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted packet to the Server service, aka "SMBv2 Infinite Loop Vulnerability."
| [CVE-2009-2524] Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows remote attackers to cause a denial of service (reboot) via a malformed packet, aka "Local Security Authority Subsystem Service Integer Overflow Vulnerability."
| [CVE-2009-2523] The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via an RPC message containing a string without a null terminator, which triggers a heap-based buffer overflow in the LlsrLicenseRequestW method, aka "License Logging Server Heap Overflow Vulnerability."
| [CVE-2009-2519] The DHTML Editing Component ActiveX control in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly format HTML markup, which allows remote attackers to execute arbitrary code via a crafted web site that triggers "system state" corruption, aka "DHTML Editing Component ActiveX Control Vulnerability."
| [CVE-2009-2517] The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a crafted application, aka "Windows Kernel Exception Handler Vulnerability."
| [CVE-2009-2516] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly validate data sent from user mode, which allows local users to gain privileges via a crafted PE .exe file that triggers a NULL pointer dereference during chain traversal, aka "Windows Kernel NULL Pointer Dereference Vulnerability."
| [CVE-2009-2515] Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a crafted application that triggers an incorrect truncation of a 64-bit integer to a 32-bit integer, aka "Windows Kernel Integer Underflow Vulnerability."
| [CVE-2009-2514] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
| [CVE-2009-2513] The Graphics Device Interface (GDI) in win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Insufficient Data Validation Vulnerability."
| [CVE-2009-2511] Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows man-in-the-middle attackers to spoof arbitrary SSL servers and other entities via an X.509 certificate that has a malformed ASN.1 Object Identifier (OID) and was issued by a legitimate Certification Authority, aka "Integer Overflow in X.509 Object Identifiers Vulnerability."
| [CVE-2009-2510] The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used by Internet Explorer and other applications, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, aka "Null Truncation in X.509 Common Name Vulnerability," a related issue to CVE-2009-2408.
| [CVE-2009-2509] Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly validate headers in HTTP requests, which allows remote authenticated users to execute arbitrary code via a crafted request to an IIS web server, aka "Remote Code Execution in ADFS Vulnerability."
| [CVE-2009-2508] The single sign-on implementation in Active Directory Federation Services (ADFS) in Microsoft Windows Server 2003 SP2 and Server 2008 Gold and SP2 does not properly remove credentials at the end of a network session, which allows physically proximate attackers to obtain the credentials of a previous user of the same web browser by using data from the browser's cache, aka "Single Sign On Spoofing in ADFS Vulnerability."
| [CVE-2009-2507] A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary programs via unspecified vectors that cause a "vulnerable binary" to load and run, aka "Memory Corruption in Indexing Service Vulnerability."
| [CVE-2009-2506] Integer overflow in the text converters in Microsoft Office Word 2002 SP3 and 2003 SP3
| [CVE-2009-2505] The Internet Authentication Service (IAS) in Microsoft Windows Vista SP2 and Server 2008 SP2 does not properly validate MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication requests, which allows remote attackers to execute arbitrary code via crafted structures in a malformed request, aka "Internet Authentication Service Memory Corruption Vulnerability."
| [CVE-2009-2504] Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server 2008 Gold, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allow remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "GDI+ .NET API Vulnerability."
| [CVE-2009-2503] GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Windows Server 2003 SP2, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 does not properly allocate an unspecified buffer, which allows remote attackers to execute arbitrary code via a crafted TIFF image file that triggers memory corruption, aka "GDI+ TIFF Memory Corruption Vulnerability."
| [CVE-2009-2502] Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted TIFF image file, aka "GDI+ TIFF Buffer Overflow Vulnerability."
| [CVE-2009-2501] Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted PNG image file, aka "GDI+ PNG Heap Overflow Vulnerability."
| [CVE-2009-2500] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP2, Office Word Viewer, Word Viewer 2003 Gold and SP3, Office Excel Viewer 2003 Gold and SP3, Office Excel Viewer, Office PowerPoint Viewer 2007 Gold, SP1, and SP2, Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2, Expression Web, Expression Web 2, Groove 2007 Gold and SP1, Works 8.5, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2 and SP3, Report Viewer 2005 SP1, Report Viewer 2008 Gold and SP1, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a crafted WMF image file, aka "GDI+ WMF Integer Overflow Vulnerability."
| [CVE-2009-2498] Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows Media Services 9.1 and 2008 do not properly parse malformed headers in Advanced Systems Format (ASF) files, which allows remote attackers to execute arbitrary code via a crafted (1) .asf, (2) .wmv, or (3) .wma file, aka "Windows Media Header Parsing Invalid Free Vulnerability."
| [CVE-2009-2497] The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 SP1, 2.0 SP2, 3.5, and 3.5 SP1, and Silverlight 2, does not properly handle interfaces, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted Silverlight application, (3) a crafted ASP.NET application, or (4) a crafted .NET Framework application, aka "Microsoft Silverlight and Microsoft .NET Framework CLR Vulnerability."
| [CVE-2009-2496] Heap-based buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Office Web Components Heap Corruption Vulnerability."
| [CVE-2009-2495] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1 does not properly enforce string termination, which allows remote attackers to obtain sensitive information via a crafted HTML document with an ATL (1) component or (2) control that triggers a buffer over-read, related to ATL headers and buffer allocation, aka "ATL Null String Vulnerability."
| [CVE-2009-2494] The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
| [CVE-2009-2493] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold and SP1, and Visual C++ 2005 SP1 and 2008 Gold and SP1
| [CVE-2009-1930] The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
| [CVE-2009-1929] Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2
| [CVE-2009-1928] Stack consumption vulnerability in the LDAP service in Active Directory on Microsoft Windows 2000 SP4, Server 2003 SP2, and Server 2008 Gold and SP2
| [CVE-2009-1926] Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allow remote attackers to cause a denial of service (TCP outage) via a series of TCP sessions that have pending data and a (1) small or (2) zero receive window size, and remain in the FIN-WAIT-1 or FIN-WAIT-2 state indefinitely, aka "TCP/IP Orphaned Connections Vulnerability."
| [CVE-2009-1925] The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
| [CVE-2009-1924] Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
| [CVE-2009-1923] Heap-based buffer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted WINS replication packet that triggers an incorrect buffer-length calculation, aka "WINS Heap Overflow Vulnerability."
| [CVE-2009-1922] The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
| [CVE-2009-1546] Integer overflow in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
| [CVE-2009-1545] Unspecified vulnerability in Avifil32.dll in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
| [CVE-2009-1544] Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
| [CVE-2009-1542] The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."
| [CVE-2009-1539] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 does not properly validate unspecified size fields in QuickTime media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "DirectX Size Validation Vulnerability."
| [CVE-2009-1538] The QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 performs updates to pointers without properly validating unspecified data values, which allows remote attackers to execute arbitrary code via a crafted QuickTime media file, aka "DirectX Pointer Validation Vulnerability."
| [CVE-2009-1537] Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
| [CVE-2009-1536] ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
| [CVE-2009-1534] Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
| [CVE-2009-1533] Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
| [CVE-2009-1491] McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and possibly other anti-virus or anti-spam products from McAfee or other vendors, does not scan X- headers for malicious content, which allows remote attackers to bypass virus detection via a crafted message, as demonstrated by a message with an X-Testing header and no message body.
| [CVE-2009-1216] Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA)
| [CVE-2009-1141] Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
| [CVE-2009-1139] Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
| [CVE-2009-1138] The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
| [CVE-2009-1137] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-0227.
| [CVE-2009-1136] The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
| [CVE-2009-1135] Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web pages, via vectors involving attempted access to a network resource behind the ISA Server, aka "Radius OTP Bypass Vulnerability."
| [CVE-2009-1134] Excel in 2007 Microsoft Office System SP1 and SP2
| [CVE-2009-1133] Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
| [CVE-2009-1132] Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka Wlansvc) in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed wireless frame, aka "Wireless Frame Parsing Remote Code Execution Vulnerability."
| [CVE-2009-1131] Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory corruption, aka "Data Out of Bounds Vulnerability."
| [CVE-2009-1130] Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes container in a PowerPoint file that causes PowerPoint to read more data than was allocated when creating a C++ object, leading to an overwrite of a function pointer, aka "Heap Corruption Vulnerability."
| [CVE-2009-1129] Multiple stack-based buffer overflows in the PowerPoint 95 importer (PP7X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via an inconsistent record length in sound data in a file that uses a PowerPoint 95 (PPT95) native file format, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1128.
| [CVE-2009-1128] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to memory corruption, aka "PP7 Memory Corruption Vulnerability," a different vulnerability than CVE-2009-1129.
| [CVE-2009-1127] win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 does not correctly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application that triggers a NULL pointer dereference, aka "Win32k NULL Pointer Dereferencing Vulnerability."
| [CVE-2009-1126] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
| [CVE-2009-1125] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
| [CVE-2009-1124] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
| [CVE-2009-1123] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
| [CVE-2009-1122] The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
| [CVE-2009-1043] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.
| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
14631| [CVE-2009-1011] Unspecified vulnerability in the Outside In Technology component in Oracle Application Server 8.2.2 and 8.3.0 allows local users to affect confidentiality, integrity, and availability, related to HTML. NOTE: the previous information was obtained from the April 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is for multiple integer overflows in a function that parses an optional data stream within a Microsoft Office file, leading to a heap-based buffer overflow.
14632| [CVE-2009-0901] The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 SP1, Visual Studio 2005 SP1 and 2008 Gold, and Visual C++ 2005 SP1 and 2008 Gold and SP1
14633| [CVE-2009-0568] The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
14634| [CVE-2009-0566] Microsoft Office Publisher 2007 SP1 does not properly calculate object handler data for Publisher files, which allows remote attackers to execute arbitrary code via a crafted file in a legacy format that triggers memory corruption, aka "Pointer Dereference Vulnerability."
14635| [CVE-2009-0565] Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 SP1 and SP2
14636| [CVE-2009-0563] Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
14637| [CVE-2009-0562] The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office Web Components Memory Allocation Vulnerability."
14638| [CVE-2009-0561] Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
14639| [CVE-2009-0560] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
14640| [CVE-2009-0559] Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
14641| [CVE-2009-0558] Array index error in Excel in Microsoft Office 2000 SP3 and Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac, allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Array Indexing Memory Corruption Vulnerability."
14642| [CVE-2009-0557] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
14643| [CVE-2009-0556] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
14644| [CVE-2009-0554] Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
14645| [CVE-2009-0553] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
14646| [CVE-2009-0552] Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 on Windows XP SP2 and SP3, and 6 on Windows Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
14647| [CVE-2009-0551] Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 does not properly handle transition errors in a request for one HTTP document followed by a request for a second HTTP document, which allows remote attackers to execute arbitrary code via vectors involving (1) multiple crafted pages on a web site or (2) a web page with crafted inline content such as banner advertisements, aka "Page Transition Memory Corruption Vulnerability."
14648| [CVE-2009-0550] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008
14649| [CVE-2009-0549] Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac
14650| [CVE-2009-0320] Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O activity measurements of all processes, which allows local users to obtain sensitive information, as demonstrated by reading the I/O Other Bytes column in Task Manager (aka taskmgr.exe) to estimate the number of characters that a different user entered at a runas.exe password prompt, related to a "benchmarking attack."
14651| [CVE-2009-0239] Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
14652| [CVE-2009-0238] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
14653| [CVE-2009-0235] Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."
14654| [CVE-2009-0234] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 does not properly cache crafted DNS responses, which makes it easier for remote attackers to predict transaction IDs and poison caches by sending many crafted DNS queries that trigger "unnecessary lookups," aka "DNS Server Response Validation Vulnerability."
14655| [CVE-2009-0233] The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not reuse cached DNS responses in all applicable situations, which makes it easier for remote attackers to predict transaction IDs and poison caches by simultaneously sending crafted DNS queries and responses, aka "DNS Server Query Validation Vulnerability."
14656| [CVE-2009-0232] Integer overflow in the Embedded OpenType (EOT) Font Engine in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table, aka "Embedded OpenType Font Integer Overflow Vulnerability."
14657| [CVE-2009-0231] The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted name table in a data record that triggers an integer truncation and a heap-based buffer overflow, aka "Embedded OpenType Font Heap Overflow Vulnerability."
14658| [CVE-2009-0230] The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
14659| [CVE-2009-0229] The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
14660| [CVE-2009-0228] Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
14661| [CVE-2009-0227] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a large number of structures in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0226, and CVE-2009-1137.
14662| [CVE-2009-0226] Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via a long string in sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0223, CVE-2009-0227, and CVE-2009-1137.
14663| [CVE-2009-0225] Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 Memory Corruption Vulnerability."
14664| [CVE-2009-0224] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 and SP2
14665| [CVE-2009-0223] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0222, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
14666| [CVE-2009-0222] Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to a "pointer overwrite" and memory corruption, aka "Legacy File Format Vulnerability," a different vulnerability than CVE-2009-0223, CVE-2009-0226, CVE-2009-0227, and CVE-2009-1137.
14667| [CVE-2009-0221] Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a PowerPoint file containing a crafted record type for "collaboration information for different slides" that contains a field that specifies a large number of records, which triggers an under-allocated buffer and a heap-based buffer overflow, aka "Integer Overflow Vulnerability."
14668| [CVE-2009-0220] Multiple stack-based buffer overflows in the PowerPoint 4.0 importer (PP4X32.DLL) in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allow remote attackers to execute arbitrary code via crafted formatting data for paragraphs in a file that uses a PowerPoint 4.0 native file format, related to (1) an incorrect calculation from a record header, or (2) an integer that is used to specify the number of bytes to copy, aka "Legacy File Format Vulnerability."
14669| [CVE-2009-0202] Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows 2.1 Translator in Microsoft PowerPoint 2000 and 2002 allows remote attackers to execute arbitrary code via a Freelance file with unspecified "layout information" that triggers a heap-based buffer overflow.
14670| [CVE-2009-0102] Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, does not properly handle memory allocation for Project files, which allows remote attackers to execute arbitrary code via a malformed file, aka "Project Memory Validation Vulnerability."
14671| [CVE-2009-0100] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1
14672| [CVE-2009-0099] The Electronic Messaging System Microsoft Data Base (EMSMDB32) provider in Microsoft Exchange 2000 Server SP3 and Exchange Server 2003 SP2, as used in Exchange System Attendant, allows remote attackers to cause a denial of service (application outage) via a malformed MAPI command, aka "Literal Processing Vulnerability."
14673| [CVE-2009-0098] Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and Exchange Server 2007 SP1 do not properly interpret Transport Neutral Encapsulation (TNEF) properties, which allows remote attackers to execute arbitrary code via a crafted TNEF message, aka "Memory Corruption Vulnerability."
14674| [CVE-2009-0097] Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly validate memory allocation for Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Corruption Vulnerability."
14675| [CVE-2009-0096] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly perform memory copy operations for object data, which allows remote attackers to execute arbitrary code via a crafted Visio document, aka "Memory Corruption Vulnerability."
14676| [CVE-2009-0095] Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not properly validate object data in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Memory Validation Vulnerability."
14677| [CVE-2009-0094] The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
14678| [CVE-2009-0093] Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008, when dynamic updates are enabled, does not restrict registration of the "wpad" hostname, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) feature, and conduct man-in-the-middle attacks by spoofing a proxy server, via a Dynamic Update request for this hostname, aka "DNS Server Vulnerability in WPAD Registration Vulnerability," a related issue to CVE-2007-1692.
14679| [CVE-2009-0091] Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly enforce a certain type-equality constraint in .NET verifiable code, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Type Verification Vulnerability."
14680| [CVE-2009-0090] Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
14681| [CVE-2009-0089] Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Vista Gold allows remote web servers to impersonate arbitrary https web sites by using DNS spoofing to "forward a connection" to a different https web site that has a valid certificate matching its own domain name, but not a certificate matching the domain name of the host requested by the user, aka "Windows HTTP Services Certificate Name Mismatch Vulnerability."
14682| [CVE-2009-0088] The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
14683| [CVE-2009-0087] Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2
14684| [CVE-2009-0086] Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
14685| [CVE-2009-0085] The Secure Channel (aka SChannel) authentication component in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, when certificate authentication is used, does not properly validate the client's key exchange data in Transport Layer Security (TLS) handshake messages, which allows remote attackers to spoof authentication by crafting a TLS packet based on knowledge of the certificate but not the private key, aka "SChannel Spoofing Vulnerability."
14686| [CVE-2009-0083] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 does not properly handle invalid pointers, which allows local users to gain privileges via an application that triggers use of a crafted pointer, aka "Windows Kernel Invalid Pointer Vulnerability."
14687| [CVE-2009-0082] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate handles, which allows local users to gain privileges via a crafted application that triggers unspecified "actions," aka "Windows Kernel Handle Validation Vulnerability."
14688| [CVE-2009-0081] The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
14689| [CVE-2009-0079] The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 SP1 and SP2 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows RPCSS Service Isolation Vulnerability."
14690| [CVE-2009-0078] The Windows Management Instrumentation (WMI) provider in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly implement isolation among a set of distinct processes that (1) all run under the NetworkService account or (2) all run under the LocalService account, which allows local users to gain privileges by accessing the resources of one of the processes, aka "Windows WMI Service Isolation Vulnerability."
14691| [CVE-2008-7217] Microsoft Office 2008 for Mac, when running on Macintosh systems that restrict Office access to administrators, does not enforce this restriction for user ID 502, which allows local users with that ID to bypass intended security policy and access Office programs, related to permissions and ownership for certain directories.
14692| [CVE-2008-6819] win32k.sys in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (system crash) via vectors related to CreateWindow, TranslateMessage, and DispatchMessage, possibly a race condition between threads, a different vulnerability than CVE-2008-1084. NOTE: some of these details are obtained from third party information.
14693| [CVE-2008-6219] nsrexecd.exe in multiple EMC Networker products including EMC NetWorker Server, Storage Node, and Client 7.3.x and 7.4, 7.4.1, 7.4.2, Client and Storage Node for Open VMS 7.3.2 ECO6 and earlier, Module for Microsoft Exchange 5.1 and earlier, Module for Microsoft Applications 2.0 and earlier, Module for Meditech 2.0 and earlier, and PowerSnap 2.4 SP1 and earlier does not properly control the allocation of memory, which allows remote attackers to cause a denial of service (memory exhaustion) via multiple crafted RPC requests.
14694| [CVE-2008-6063] Microsoft Word 2007, when the "Save as PDF" add-on is enabled, places an absolute pathname in the Subject field during an "Email as PDF" operation, which allows remote attackers to obtain sensitive information such as the sender's account name and a Temporary Internet Files subdirectory name.
14695| [CVE-2008-5912] An unspecified function in the JavaScript implementation in Microsoft Internet Explorer creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
14696| [CVE-2008-5823] An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used with WScript in Windows Script Host (WSH) on Windows Vista, allows remote attackers to cause a denial of service (access violation and application crash) via a zero value for the Startup property.
14697| [CVE-2008-5416] Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, 8.00.2050, 8.00.2039, and earlier
14698| [CVE-2008-5232] Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown
14699| [CVE-2008-5112] The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
14700| [CVE-2008-5100] The strong name (SN) implementation in Microsoft .NET Framework 2.0.50727 relies on the digital signature Public Key Token embedded in the pathname of a DLL file instead of the digital signature of this file itself, which makes it easier for attackers to bypass Global Assembly Cache (GAC) and Code Access Security (CAS) protection mechanisms, aka MSRC ticket MSRC8566gs.
14701| [CVE-2008-5044] Race condition in Microsoft Windows Server 2003 and Vista allows local users to cause a denial of service (crash or hang) via a multi-threaded application that makes many calls to UnhookWindowsHookEx while certain other desktop activity is occurring.
14702| [CVE-2008-4844] Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
14703| [CVE-2008-4841] The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
14704| [CVE-2008-4837] Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
14705| [CVE-2008-4835] SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans2 request, related to "insufficiently validating the buffer size," aka "SMB Validation Remote Code Execution Vulnerability."
14706| [CVE-2008-4834] Buffer overflow in SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via malformed values of unspecified "fields inside the SMB packets" in an NT Trans request, aka "SMB Buffer Overflow Remote Code Execution Vulnerability."
14707| [CVE-2008-4493] Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
14708| [CVE-2008-4295] Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices does not properly handle the first attempt to establish a Bluetooth connection to a peer with a long name, which allows remote attackers to cause a denial of service (device reboot) by configuring a Bluetooth device with a long hci name and (1) connecting directly to the Windows Mobile system or (2) waiting for the Windows Mobile system to scan for nearby devices.
14709| [CVE-2008-4269] The search-ms protocol handler in Windows Explorer in Microsoft Windows Vista Gold and SP1 and Server 2008 uses untrusted parameter data obtained from incorrect parsing, which allows remote attackers to execute arbitrary code via a crafted HTML document, aka "Windows Search Parsing Vulnerability."
14710| [CVE-2008-4268] The Windows Search component in Microsoft Windows Vista Gold and SP1 and Server 2008 does not properly free memory during a save operation for a Windows Search file, which allows remote attackers to execute arbitrary code via a crafted saved-search file, aka "Windows Saved Search Vulnerability."
14711| [CVE-2008-4266] Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP3
14712| [CVE-2008-4265] Microsoft Office Excel 2000 SP3 allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet that contains a malformed object, which triggers memory corruption during the loading of records from this spreadsheet, aka "File Format Parsing Vulnerability."
14713| [CVE-2008-4264] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
14714| [CVE-2008-4261] Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 SP1 on Windows 2000, and 6 on Windows XP and Server 2003 does not properly handle extraneous data associated with an object embedded in a web page, which allows remote attackers to execute arbitrary code via crafted HTML tags that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
14715| [CVE-2008-4256] The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."
14716| [CVE-2008-4255] Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
14717| [CVE-2008-4253] The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, Office FrontPage 2002 SP3, and Office Project 2003 SP3 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "FlexGrid Control Memory Corruption Vulnerability."
14718| [CVE-2008-4250] The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
14719| [CVE-2008-4114] srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
14720| [CVE-2008-4110] Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in Tools\Binn\sqlvdir.dll in Microsoft SQL Server 2000 (aka SQL Server 8.0) allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long URL in the second argument to the Connect method. NOTE: this issue is not a vulnerability in many environments, since the control is not marked as safe for scripting and would not execute with default Internet Explorer settings.
14721| [CVE-2008-4038] Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a Server Message Block (SMB) request that contains a filename with a crafted length, aka "SMB Buffer Underflow Vulnerability."
14722| [CVE-2008-4037] Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote SMB servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, as demonstrated by backrush, aka "SMB Credential Reflection Vulnerability." NOTE: some reliable sources report that this vulnerability exists because of an insufficient fix for CVE-2000-0834.
14723| [CVE-2008-4036] Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."
14724| [CVE-2008-4032] Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."
14725| [CVE-2008-4031] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
14726| [CVE-2008-4030] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
14727| [CVE-2008-4028] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
14728| [CVE-2008-4027] Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
14729| [CVE-2008-4026] Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
14730| [CVE-2008-4025] Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and SP1
14731| [CVE-2008-4024] Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac allow remote attackers to execute arbitrary code via a Word document with a crafted lcbPlcfBkfSdt field in the File Information Block (FIB), which bypasses an initialization step and triggers an "arbitrary free," aka "Word Memory Corruption Vulnerability."
14732| [CVE-2008-4023] Active Directory in Microsoft Windows 2000 SP4 does not properly allocate memory for (1) LDAP and (2) LDAPS requests, which allows remote attackers to execute arbitrary code via a crafted request, aka "Active Directory Overflow Vulnerability."
14733| [CVE-2008-4019] Integer overflow in the REPT function in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
14734| [CVE-2008-3956] orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .opx file.
14735| [CVE-2008-3704] Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
14736| [CVE-2008-3648] nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote attackers to execute arbitrary code, as demonstrated by an attempted DNS zone transfer, and as exploited in the wild in August 2008.
14737| [CVE-2008-3636] Integer overflow in the IopfCompleteRequest API in the kernel in Microsoft Windows 2000, XP, Server 2003, and Vista allows context-dependent attackers to gain privileges. NOTE: this issue was originally reported for GEARAspiWDM.sys 2.0.7.5 in Gear Software CD DVD Filter driver before 4.001.7, as used in other products including Apple iTunes and multiple Symantec and Norton products, which allows local users to gain privileges via repeated IoAttachDevice IOCTL calls to \\.\GEARAspiWDMDevice in this GEARAspiWDM.sys. However, the root cause is the integer overflow in the API call itself.
14738| [CVE-2008-3479] Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of parameters to string APIs, aka "Message Queuing Service Remote Code Execution Vulnerability."
14739| [CVE-2008-3477] Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not properly validate data in the VBA Performance Cache when processing an Office document with an embedded object, which allows remote attackers to execute arbitrary code via an Excel file containing a crafted value, leading to heap-based buffer overflows, integer overflows, array index errors, and memory corruption, aka "Calendar Object Validation Vulnerability."
14740| [CVE-2008-3471] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
14741| [CVE-2008-3466] Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not limit RPC access to administrative functions, which allows remote attackers to bypass authentication and execute arbitrary programs via a crafted SNA RPC message using opcode 1 or 6 to call the CreateProcess function, aka "HIS Command Execution Vulnerability."
14742| [CVE-2008-3465] Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows context-dependent attackers to cause a denial of service or execute arbitrary code via a WMF file with a malformed file-size parameter, which would not be properly handled by a third-party application that uses this API for a copy operation, aka "GDI Heap Overflow Vulnerability."
14743| [CVE-2008-3464] afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."
14744| [CVE-2008-3460] WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
14745| [CVE-2008-3068] Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.
14746| [CVE-2008-3021] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
14747| [CVE-2008-3020] Microsoft Office 2000 SP3 and XP SP3
14748| [CVE-2008-3019] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
14749| [CVE-2008-3018] Microsoft Office 2000 SP3, XP SP3, and 2003 SP2
14750| [CVE-2008-3015] Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
14751| [CVE-2008-3014] Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed WMF image file that triggers improper memory allocation, aka "GDI+ WMF Buffer Overrun Vulnerability."
14752| [CVE-2008-3013] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a malformed GIF image file containing many extension markers for graphic control extensions and subsequent unknown labels, aka "GDI+ GIF Parsing Vulnerability."
14753| [CVE-2008-3012] gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 does not properly perform memory allocation, which allows remote attackers to execute arbitrary code via a malformed EMF image file, aka "GDI+ EMF Memory Corruption Vulnerability."
14754| [CVE-2008-3009] Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 through 11, and Windows Media Services 4.1, 9, and 2008 do not properly use the Service Principal Name (SPN) identifier when validating replies to authentication requests, which allows remote servers to execute arbitrary code via vectors that employ NTLM credential reflection, aka "SPN Vulnerability."
14755| [CVE-2008-3007] Argument injection vulnerability in a URI handler in Microsoft Office XP SP3, 2003 SP2 and SP3, 2007 Office System Gold and SP1, and Office OneNote 2007 Gold and SP1 allow remote attackers to execute arbitrary code via a crafted onenote:// URL, aka "Uniform Resource Locator Validation Error Vulnerability."
14756| [CVE-2008-3006] Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1
14757| [CVE-2008-3005] Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 SP3, and Office 2004 and 2008 for Mac allows remote attackers to execute arbitrary code via an Excel file with a crafted array index for a FORMAT record, aka the "Excel Index Array Vulnerability."
14758| [CVE-2008-3004] Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3
14759| [CVE-2008-3003] Microsoft Office Excel 2007 Gold and SP1 does not properly delete the PWD (password) string from connections.xml when a .xlsx file is configured not to save the remote data session password, which allows local users to obtain sensitive information and obtain access to a remote data source, aka the "Excel Credential Caching Vulnerability."
14760| [CVE-2008-2752] Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly handle unordered lists, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .doc file. NOTE: some of these details are obtained from third party information.
14761| [CVE-2008-2540] Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, and subsequently allows remote attackers to execute arbitrary code on Windows by leveraging an untrusted search path vulnerability in (a) Internet Explorer 7 on Windows XP or (b) the SearchPath function in Windows XP, Vista, and Server 2003 and 2008, aka a "Carpet Bomb" and a "Blended Threat Elevation of Privilege Vulnerability," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because the Microsoft products can load application libraries from the desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X.
14762| [CVE-2008-2463] The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
14763| [CVE-2008-2252] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate parameters sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Corruption Vulnerability."
14764| [CVE-2008-2251] Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that makes system calls within multiple threads, aka "Windows Kernel Unhandled Exception Vulnerability." NOTE: according to Microsoft, this is not a duplicate of CVE-2008-4510.
14765| [CVE-2008-2250] The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate window properties sent from a parent window to a child window during creation of a new window, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Window Creation Vulnerability."
14766| [CVE-2008-2249] Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
14767| [CVE-2008-2246] Microsoft Windows Vista through SP1 and Server 2008 do not properly import the default IPsec policy from a Windows Server 2003 domain to a Windows Server 2008 domain, which prevents IPsec rules from being enforced and allows remote attackers to bypass intended access restrictions.
14768| [CVE-2008-2245] Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
14769| [CVE-2008-2244] Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
14770| [CVE-2008-1898] A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
14771| [CVE-2008-1888] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 2.0 allows remote attackers to inject arbitrary web script or HTML via the Picture Source (aka picture object source) field in the Rich Text Editor.
14772| [CVE-2008-1547] Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft Outlook Web Access (OWA) for Exchange Server 2003 SP2 (aka build 6.5.7638) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the URL parameter.
14773| [CVE-2008-1457] The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate per-user subscriptions, which allows remote authenticated users to execute arbitrary code via a crafted event subscription request.
14774| [CVE-2008-1456] Array index vulnerability in the Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote authenticated users to execute arbitrary code via a crafted event subscription request that is used to access an array of function pointers.
14775| [CVE-2008-1455] A "memory calculation error" in Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP2, and 2007 through SP1
14776| [CVE-2008-1454] Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server 2003 SP1 and SP2, and Server 2008 allows remote attackers to conduct cache poisoning attacks via unknown vectors related to accepting "records from a response that is outside the remote server's authority," aka "DNS Cache Poisoning Vulnerability," a different vulnerability than CVE-2008-1447.
14777| [CVE-2008-1451] The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 and SP2, does not properly validate data structures in WINS network packets, which allows local users to gain privileges via a crafted packet, aka "Memory Overwrite Vulnerability."
14778| [CVE-2008-1446] Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."
14779| [CVE-2008-1445] Active Directory on Microsoft Windows 2000 Server SP4, XP Professional SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to cause a denial of service (system hang or reboot) via a crafted LDAP request.
14780| [CVE-2008-1444] Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a Synchronized Accessible Media Interchange (SAMI) file with crafted parameters for a Class Name variable, aka the "SAMI Format Parsing Vulnerability."
14781| [CVE-2008-1441] Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system hang) via a series of Pragmatic General Multicast (PGM) packets with invalid fragment options, aka the "PGM Malformed Fragment Vulnerability."
14782| [CVE-2008-1440] Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does not properly validate the option length field in Pragmatic General Multicast (PGM) packets, which allows remote attackers to cause a denial of service (infinite loop and system hang) via a crafted PGM packet, aka the "PGM Invalid Length Vulnerability."
14783| [CVE-2008-1436] Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 does not properly assign activities to the (1) NetworkService and (2) LocalService accounts, which might allow context-dependent attackers to gain privileges by using one service process to capture a resource from a second service process that has a LocalSystem privilege-escalation ability, related to improper management of the SeImpersonatePrivilege user right, as originally reported for Internet Information Services (IIS), aka Token Kidnapping.
14784| [CVE-2008-1435] Windows Explorer in Microsoft Windows Vista up to SP1, and Server 2008, allows user-assisted remote attackers to execute arbitrary code via crafted saved-search (.search-ms) files that are not properly handled when saving, aka "Windows Saved Search Vulnerability."
14785| [CVE-2008-1434] Use-after-free vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via an HTML document with a large number of Cascading Style Sheets (CSS) selectors, related to a "memory handling error" that triggers memory corruption.
14786| [CVE-2008-1092] Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
14787| [CVE-2008-1091] Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
14788| [CVE-2008-1090] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
14789| [CVE-2008-1089] Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
14790| [CVE-2008-1088] Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
14791| [CVE-2008-1087] Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
14792| [CVE-2008-1086] The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
14793| [CVE-2008-1084] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, through Vista SP1, and Server 2008 allows local users to execute arbitrary code via unknown vectors related to improper input validation. NOTE: it was later reported that one affected function is NtUserFnOUTSTRING in win32k.sys.
14794| [CVE-2008-1083] Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
14795| [CVE-2008-0121] A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
14796| [CVE-2008-0120] Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
14797| [CVE-2008-0119] Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
14798| [CVE-2008-0118] Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
14799| [CVE-2008-0117] Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
14800| [CVE-2008-0116] Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
14801| [CVE-2008-0115] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
14802| [CVE-2008-0114] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
14803| [CVE-2008-0113] Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
14804| [CVE-2008-0112] Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
14805| [CVE-2008-0111] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
14806| [CVE-2008-0110] Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
14807| [CVE-2008-0109] Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
14808| [CVE-2008-0108] Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
14809| [CVE-2008-0106] Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
14810| [CVE-2008-0105] Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
| [CVE-2008-0104] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
| [CVE-2008-0103] Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
| [CVE-2008-0102] Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
| [CVE-2008-0088] Unspecified vulnerability in Active Directory on Microsoft Windows 2000 and Windows Server 2003, and Active Directory Application Mode (ADAM) on XP and Server 2003, allows remote attackers to cause a denial of service (hang and restart) via a crafted LDAP request.
| [CVE-2008-0087] The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, and Vista uses predictable DNS transaction IDs, which allows remote attackers to spoof DNS responses.
| [CVE-2008-0086] Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
| [CVE-2008-0083] The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
| [CVE-2008-0081] Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
| [CVE-2008-0080] Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
| [CVE-2008-0020] Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
| [CVE-2008-0015] Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
| [CVE-2008-0011] Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
| [CVE-2007-6753] Untrusted search path vulnerability in Shell32.dll in Microsoft Windows 2000, Windows XP, Windows Vista, Windows Server 2008, and Windows 7, when using an environment configured with a string such as %APPDATA% or %PROGRAMFILES% in a certain way, allows local users to gain privileges via a Trojan horse DLL under the current working directory, as demonstrated by iTunes and Safari.
| [CVE-2007-6357] Stack-based buffer overflow in Microsoft Office Access allows remote, user-assisted attackers to execute arbitrary code via a crafted Microsoft Access Database (.mdb) file. NOTE: due to the lack of details as of 20071210, it is not clear whether this issue is the same as CVE-2007-6026 or CVE-2005-0944.
| [CVE-2007-6329] Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not sign the metadata of Office Open XML (OOXML) documents, which makes it easier for remote attackers to modify Dublin Core metadata fields, as demonstrated by the (1) LastModifiedBy and (2) creator fields in docProps/core.xml in the OOXML ZIP container.
| [CVE-2007-6043] The CryptGenRandom function in Microsoft Windows 2000 generates predictable values, which makes it easier for context-dependent attackers to reduce the effectiveness of cryptographic mechanisms, as demonstrated by attacks on (1) forward security and (2) backward security, related to use of eight instances of the RC4 cipher, and possibly a related issue to CVE-2007-3898.
| [CVE-2007-6026] Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
| [CVE-2007-5587] Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as shipped in Microsoft Windows XP SP2, XP Professional x64 and x64 SP2, Server 2003 SP1 and SP2, and Server 2003 x64 and x64 SP2 allows local users to overwrite arbitrary memory locations and gain privileges via a crafted argument to a METHOD_NEITHER IOCTL, as originally discovered in the wild.
| [CVE-2007-5352] Unspecified vulnerability in Local Security Authority Subsystem Service (LSASS) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows local users to gain privileges via a crafted local procedure call (LPC) request.
| [CVE-2007-5348] Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
| [CVE-2007-4991] The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) Server 2004 SP1 and SP2 allows remote attackers to obtain potentially sensitive information (the destination IP address of another user's session) via an empty packet.
| [CVE-2007-4916] Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
| [CVE-2007-4814] Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second argument to the Start method.
| [CVE-2007-3930] Interpretation conflict between Microsoft Internet Explorer and DocuWiki before 2007-06-26b allows remote attackers to inject arbitrary JavaScript and conduct cross-site scripting (XSS) attacks when spellchecking UTF-8 encoded messages via the spell_utf8test function in lib/exe/spellcheck.php, which triggers HTML document identification and script execution by Internet Explorer even though the Content-Type header is text/plain.
| [CVE-2007-3924] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a -chrome argument to the navigatorurl URI, which are inserted into the command line that is created when invoking netscape.exe, a related issue to CVE-2007-3670. NOTE: there has been debate about whether the issue is in Internet Explorer or Netscape. As of 20070713, it is CVE's opinion that IE appears to not properly delimit the URL argument when invoking Netscape
| [CVE-2007-3899] Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string in a Word file, aka "Word Memory Corruption Vulnerability."
| [CVE-2007-3898] The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 SP1 and SP2, uses predictable transaction IDs when querying other DNS servers, which allows remote attackers to spoof DNS replies, poison the DNS cache, and facilitate further attack vectors.
| [CVE-2007-3896] The URL handling in Shell32.dll in the Windows shell in Microsoft Windows XP and Server 2003, with Internet Explorer 7 installed, allows remote attackers to execute arbitrary programs via invalid "%" sequences in a mailto: or other URI handler, as demonstrated using mIRC, Outlook, Firefox, Adobe Reader, Skype, and other applications. NOTE: this issue might be related to other issues involving URL handlers in Windows systems, such as CVE-2007-3845. There also might be separate but closely related issues in the applications that are invoked by the handlers.
| [CVE-2007-3890] Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via a Workspace with a certain index value that triggers memory corruption.
| [CVE-2007-3670] Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Firefox installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in a (1) FirefoxURL or (2) FirefoxHTML URI, which are inserted into the command line that is created when invoking firefox.exe. NOTE: it has been debated as to whether the issue is in Internet Explorer or Firefox. As of 20070711, it is CVE's opinion that IE appears to be failing to properly delimit the URL argument when invoking Firefox, and this issue could arise with other protocol handlers in IE as well. However, Mozilla has stated that it will address the issue with a "defense in depth" fix that will "prevent IE from sending Firefox malicious data."
| [CVE-2007-3490] Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote attackers to have an unknown impact via unspecified vectors, possibly related to the sheet name, as demonstrated by 2670.xls.
| [CVE-2007-3300] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070619 allow remote attackers to bypass scanning via a crafted header in a (1) LHA or (2) RAR archive.
| [CVE-2007-3040] Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
| [CVE-2007-3039] Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
| [CVE-2007-3036] Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and 3.5, and (2) Subsystem for UNIX-based Applications in Microsoft Windows 2000, XP, Server 2003, and Vista allows local users to gain privileges via unspecified vectors related to "certain setuid binary files."
| [CVE-2007-3034] Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
| [CVE-2007-3030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file involving the "denoting [of] the start of a Workspace designation", which results in memory corruption, aka the "Workbook Memory Corruption Vulnerability".
| [CVE-2007-3029] Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
| [CVE-2007-3028] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4 does not properly check "the number of convertible attributes", which allows remote attackers to cause a denial of service (service unavailability) via a crafted LDAP request, related to "client sent LDAP request logic," aka "Windows Active Directory Denial of Service Vulnerability". NOTE: this is probably a different issue than CVE-2007-0040.
| [CVE-2007-2999] Microsoft Windows Server 2003, when time restrictions are in effect for user accounts, generates different error messages for failed login attempts with a valid user name than for those with an invalid user name, which allows context-dependent attackers to determine valid Active Directory account names.
| [CVE-2007-2967] Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
| [CVE-2007-2966] Buffer overflow in the LHA decompresion component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335.
| [CVE-2007-2903] Buffer overflow in the HelpPopup method in the Microsoft Office 2000 Controllo UA di Microsoft Office ActiveX control (OUACTRL.OCX) 1.0.1.9 allows remote attackers to cause a denial of service (probably winhlp32.exe crash) via a long first argument. NOTE: it is not clear whether this issue crosses privilege boundaries.
| [CVE-2007-2593] The Terminal Server in Microsoft Windows 2003 Server, when using TLS, allows remote attackers to bypass SSL and self-signed certificate requirements, downgrade the server security, and possibly conduct man-in-the-middle attacks via unspecified vectors, as demonstrated using the Remote Desktop Protocol (RDP) 6.0 client. NOTE: a third party claims that the vendor may have fixed this in approximately 2006.
| [CVE-2007-2581] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.aspx.
| [CVE-2007-2374] Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
| [CVE-2007-2228] rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, XP Professional x64 Edition, Server 2003 SP1 and SP2, Server 2003 x64 Edition and x64 Edition SP2, and Vista and Vista x64 Edition allows remote attackers to cause a denial of service (RPCSS service stop and system restart) via an RPC request that uses NTLMSSP PACKET authentication with a zero-valued verification trailer signature, which triggers an invalid dereference. NOTE: this also affects Windows 2000 SP4, although the impact is an information leak.
| [CVE-2007-2224] Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
| [CVE-2007-2221] Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-2219] Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
| [CVE-2007-2218] Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
| [CVE-2007-2217] Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
| [CVE-2007-1911] Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
| [CVE-2007-1910] Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
| [CVE-2007-1765] Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038
| [CVE-2007-1756] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office Excel 2007 does not properly validate version information, which allows user-assisted remote attackers to execute arbitrary code via a crafted Excel file, aka "Calculation Error Vulnerability".
| [CVE-2007-1754] PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear memory when transferring data from disk to memory, which allows user-assisted remote attackers to execute arbitrary code via a malformed .pub page via a certain negative value, which bypasses a sanitization procedure that initializes critical pointers to NULL, aka the "Publisher Invalid Memory Reference Vulnerability".
| [CVE-2007-1748] Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
| [CVE-2007-1747] Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a malformed drawing object, which triggers memory corruption.
| [CVE-2007-1645] Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows 2000 SP4 allows remote attackers to execute arbitrary code via a long request on UDP port 69. NOTE: this issue might overlap CVE-2006-4781 or CVE-2005-1812.
| [CVE-2007-1537] \Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 SP1 uses weak permissions, which allows local users to write to the device and cause a denial of service, as demonstrated by using an IRQL to acquire a spinlock on paged memory via the NdisTapiDispatch function.
| [CVE-2007-1512] Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003 Gold and SP1 allows user-assisted remote attackers to have an unknown impact (probably crash) via an RTF file with a malformed OLE object, which results in writing two 0x00 characters past the end of szBuffer, aka the "MFC42u.dll Off-by-Two Overflow." NOTE: this issue is due to an incomplete patch (MS07-012) for CVE-2007-0025.
| [CVE-2007-1347] Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and possibly other versions and platforms, allows remote attackers to cause a denial of service (memory corruption and crash) via an Office file with crafted document summary information, which causes an error in Ole32.dll.
| [CVE-2007-1239] Microsoft Excel 2003 does not properly parse .XLS files, which allows remote attackers to cause a denial of service (application crash) via a file with a (1) corrupted XML format or a (2) corrupted XLS format, which triggers a NULL pointer dereference.
| [CVE-2007-1238] Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file.
| [CVE-2007-1215] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
| [CVE-2007-1214] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted AutoFilter filter record in an Excel BIFF8 format XLS file, which triggers memory corruption.
| [CVE-2007-1213] The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows local users to gain privileges via crafted TrueType fonts, which result in an uninitialized function pointer.
| [CVE-2007-1212] Buffer overflow in the Graphics Device Interface (GDI) in Microsoft Windows 2000 SP4
| [CVE-2007-1211] Unspecified kernel GDI functions in Microsoft Windows 2000 SP4
| [CVE-2007-1205] Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in Windows 2000 SP4, XP SP2, and Server 2003, 2003 SP1, and 2003 SP2 allows remote attackers to execute arbitrary code via crafted URLs, which result in memory corruption.
| [CVE-2007-1203] Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, 2004 for Mac, and 2007 allows user-assisted remote attackers to execute arbitrary code via a crafted set font value in an Excel file, which results in memory corruption.
| [CVE-2007-1202] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly parse certain rich text "property strings of certain control words," which allows user-assisted remote attackers to trigger heap corruption and execute arbitrary code, aka the "Word RTF Parsing Vulnerability."
| [CVE-2007-1201] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via vectors related to DataSource that trigger memory corruption, aka "Office Web Components DataSource Vulnerability."
| [CVE-2007-1117] Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
| [CVE-2007-1090] Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder.
| [CVE-2007-1083] Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method.
| [CVE-2007-0948] Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac 7.1 and 7, and Virtual Server 2005 and 2005 R2, allows local guest OS administrators to execute arbitrary code on the host OS via unspecified vectors related to "interaction and initialization of components."
| [CVE-2007-0947] Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946.
| [CVE-2007-0946] Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947.
| [CVE-2007-0945] Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4
| [CVE-2007-0944] Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-0942] Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4
| [CVE-2007-0940] Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
| [CVE-2007-0939] Cross-site scripting (XSS) vulnerability in Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving HTML redirection queries, aka "Cross-site Scripting and Spoofing Vulnerability."
| [CVE-2007-0938] Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
| [CVE-2007-0936] Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
| [CVE-2007-0934] Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
| [CVE-2007-0913] Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
| [CVE-2007-0870] Unspecified vulnerability in Microsoft Word 2000 allows remote attackers to cause a denial of service (crash) via unknown vectors, a different vulnerability than CVE-2006-5994, CVE-2006-6456, CVE-2006-6561, and CVE-2007-0515, a variant of Exploit-MS06-027.
| [CVE-2007-0843] The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
| [CVE-2007-0811] Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
| [CVE-2007-0671] Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
| [CVE-2007-0612] Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and Vista allows remote attackers to cause a denial of service (Internet Explorer crash) by accessing the bgColor, fgColor, linkColor, alinkColor, vlinkColor, or defaultCharset properties in the (1) giffile, (2) htmlfile, (3) jpegfile, (4) mhtmlfile, (5) ODCfile, (6) pjpegfile, (7) pngfile, (8) xbmfile, (9) xmlfile, (10) xslfile, or (11) wdfile objects in (a) mshtml.dll
| [CVE-2007-0515] Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
| [CVE-2007-0351] Microsoft Windows XP and Windows Server 2003 do not properly handle user logoff, which might allow local users to gain the privileges of a previous system user, possibly related to user profile unload failure. NOTE: it is not clear whether this is an issue in Windows itself, or an interaction with another product. The issue might involve ZoneAlarm not being able to terminate processes when it cannot prompt the user.
| [CVE-2007-0221] Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange Server 2000 SP3 allows remote attackers to cause a denial of service (service hang) via crafted literals in an IMAP command, aka the "IMAP Literal Processing Vulnerability."
| [CVE-2007-0220] Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2000 SP3, and 2003 SP1 and SP2 allows remote attackers to execute arbitrary scripts, spoof content, or obtain sensitive information via certain UTF-encoded, script-based e-mail attachments, involving an "incorrectly handled UTF character set label".
| [CVE-2007-0216] wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
| [CVE-2007-0215] Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record, which results in memory corruption.
| [CVE-2007-0214] The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
| [CVE-2007-0213] Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
| [CVE-2007-0211] The hardware detection functionality in the Windows Shell in Microsoft Windows XP SP2 and Professional, and Server 2003 SP1 allows local users to gain privileges via an unvalidated parameter to a function related to the "detection and registration of new hardware."
| [CVE-2007-0209] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
| [CVE-2007-0208] Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
| [CVE-2007-0069] Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
| [CVE-2007-0066] The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, when ICMP Router Discovery Protocol (RDP) is enabled, allows remote attackers to cause a denial of service via fragmented router advertisement ICMP packets that trigger an out-of-bounds read, aka "Windows Kernel TCP/IP/ICMP Vulnerability."
| [CVE-2007-0065] Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
| [CVE-2007-0064] Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
| [CVE-2007-0043] The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
| [CVE-2007-0042] Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
| [CVE-2007-0041] The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
| [CVE-2007-0040] The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
14924| [CVE-2007-0039] The Exchange Collaboration Data Objects (EXCDO) functionality in Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 allows remote attackers to cause a denial of service (crash) via an Internet Calendar (iCal) file containing multiple X-MICROSOFT-CDO-MODPROPS (MODPROPS) properties in which the second MODPROPS is longer than the first, which triggers a NULL pointer dereference and an unhandled exception.
14925| [CVE-2007-0038] Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765
14926| [CVE-2007-0035] Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
14927| [CVE-2007-0034] Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
14928| [CVE-2007-0033] Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
14929| [CVE-2007-0031] Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
14930| [CVE-2007-0030] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
14931| [CVE-2007-0029] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a malformed string, aka "Excel Malformed String Vulnerability."
14932| [CVE-2007-0028] Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, and Office v.X for Mac does not properly handle certain opcodes, which allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file, which results in an "Improper Memory Access Vulnerability." NOTE: an early disclosure of this issue used CVE-2006-3432, but only CVE-2007-0028 should be used.
14933| [CVE-2007-0027] Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via malformed IMDATA records that trigger memory corruption.
14934| [CVE-2007-0026] The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption.
14935| [CVE-2007-0025] The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 and Visual Studio .NET 2000, 2002 SP1, 2003, and 2003 SP1 allows user-assisted remote attackers to execute arbitrary code via an RTF file with a malformed OLE object that triggers memory corruption. NOTE: this might be due to a stack-based buffer overflow in the AfxOleSetEditMenu function in MFC42u.dll.
14936| [CVE-2007-0024] Integer overflow in the Vector Markup Language (VML) implementation (vgx.dll) in Microsoft Internet Explorer 5.01, 6, and 7 on Windows 2000 SP4, XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted web page that contains unspecified integer properties that cause insufficient memory allocation and trigger a buffer overflow, aka the "VML Buffer Overrun Vulnerability."
14937| [CVE-2006-7210] Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
14938| [CVE-2006-7192] Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle comment (/* */) enclosures, which allows remote attackers to bypass request filtering and conduct cross-site scripting (XSS) attacks, or cause a denial of service, as demonstrated via an xss:expression STYLE attribute in a closing XSS HTML tag.
14939| [CVE-2006-7027] Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
14940| [CVE-2006-6723] The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request.
14941| [CVE-2006-6696] Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
14942| [CVE-2006-6617] projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
14943| [CVE-2006-6561] Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
14944| [CVE-2006-6456] Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and Word Viewer 2003 allows remote attackers to execute code via unspecified vectors related to malformed data structures that trigger memory corruption, a different vulnerability than CVE-2006-5994.
14945| [CVE-2006-6296] The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
14946| [CVE-2006-6134] Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
14947| [CVE-2006-6133] Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.
14948| [CVE-2006-5994] Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
14949| [CVE-2006-5758] The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
14950| [CVE-2006-5586] The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 allows local users to gain privileges via "invalid application window sizes" in layered application windows, aka the "GDI Invalid Window Size Elevation of Privilege Vulnerability."
14951| [CVE-2006-5585] The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
14952| [CVE-2006-5584] The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
14953| [CVE-2006-5583] Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
14954| [CVE-2006-5574] Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
14955| [CVE-2006-5296] PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted PowerPoint (.PPT) file, as demonstrated by Nanika.ppt, and a different vulnerability than CVE-2006-3435, CVE-2006-3876, CVE-2006-3877, and CVE-2006-4694. NOTE: the impact of this issue was originally claimed to be arbitrary code execution, but later analysis demonstrated that this was erroneous.
14956| [CVE-2006-4854] ** REJECT ** Unspecified vulnerability in Microsoft Office 2000 (Chinese Edition) and Microsoft PowerPoint 2000 (Chinese Edition) allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as Trojan.PPDropper.E. NOTE: on 20060919, Microsoft notified CVE that this is a duplicate of CVE-2006-0009.
14957| [CVE-2006-4704] Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
14958| [CVE-2006-4702] Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
14959| [CVE-2006-4696] Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
14960| [CVE-2006-4695] Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
14961| [CVE-2006-4694] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
14962| [CVE-2006-4693] Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
14963| [CVE-2006-4692] Argument injection vulnerability in the Windows Object Packager (packager.exe) in Microsoft Windows XP SP1 and SP2 and Server 2003 SP1 and earlier allows remote user-assisted attackers to execute arbitrary commands via a crafted file with a "/" (slash) character in the filename of the Command Line property, followed by a valid file extension, which causes the command before the slash to be executed, aka "Object Packager Dialogue Spoofing Vulnerability."
14964| [CVE-2006-4691] Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
14965| [CVE-2006-4689] Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
14966| [CVE-2006-4688] Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
14967| [CVE-2006-4534] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
14968| [CVE-2006-4495] Microsoft Internet Explorer allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code by instantiating certain Windows 2000 ActiveX COM Objects including (1) ciodm.dll, (2) myinfo.dll, (3) msdxm.ocx, and (4) creator.dll.
14969| [CVE-2006-4274] ** REJECT ** Unknown vulnerability in Microsoft PowerPoint allows user-assisted attackers to execute arbitrary code via a crafted PPT document, as exploited by malware such as TROJ_MDROPPER.BH. NOTE: on 20060822, it was determined that TROJ_MDROPPER.BH was exploiting CVE-2006-0009, so this is not a new vulnerability.
14970| [CVE-2006-4219] The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.
14971| [CVE-2006-4183] Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
14972| [CVE-2006-4071] Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.
14973| [CVE-2006-3992] Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) w22n51.sys, (3) w29n50.sys, and (4) w29n51.sys Microsoft Windows drivers for Intel 2200BG and 2915ABG PRO/Wireless Network Connection before 10.5 with driver 9.0.4.16 allows remote attackers to execute arbitrary code via certain frames that trigger memory corruption.
14974| [CVE-2006-3942] The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research
14975| [CVE-2006-3897] Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
14976| [CVE-2006-3880] ** DISPUTED ** Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Small Business Server 2003 allow remote attackers to cause a denial of service (IP stack hang) via a continuous stream of packets on TCP port 135 that have incorrect TCP header checksums and random numbers in certain TCP header fields, as demonstrated by the Achilles Windows Attack Tool. NOTE: the researcher reports that the Microsoft Security Response Center has stated "Our investigation which has included code review, review of the TCPDump, and attempts on reproing the issue on multiple fresh installs of various Windows Operating Systems have all resulted in non confirmation."
14977| [CVE-2006-3877] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
14978| [CVE-2006-3876] Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
14979| [CVE-2006-3875] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted COLINFO record in an XLS file, a different vulnerability than CVE-2006-2387 and CVE-2006-3867.
14980| [CVE-2006-3873] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
14981| [CVE-2006-3869] Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060824, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL on a website that uses HTTP 1.1 compression.
14982| [CVE-2006-3868] Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag.
14983| [CVE-2006-3867] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, and Excel Viewer 2003 allows user-assisted attackers to execute arbitrary code via a crafted Lotus 1-2-3 file, a different vulnerability than CVE-2006-2387 and CVE-2006-3875.
14984| [CVE-2006-3864] Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
14985| [CVE-2006-3841] Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
14986| [CVE-2006-3660] Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown impact and user-assisted attack vectors related to powerpnt.exe. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3656, and CVE-2006-3590, although it is possible that they are all different.
14987| [CVE-2006-3656] Unspecified vulnerability in Microsoft PowerPoint 2003 allows user-assisted attackers to cause memory corruption via a crafted PowerPoint file, which triggers the corruption when the file is closed. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3655, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
14988| [CVE-2006-3655] Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 allows user-assisted attackers to execute arbitrary code via a crafted PowerPoint file. NOTE: due to the lack of available details as of 20060717, it is unclear how this is related to CVE-2006-3656, CVE-2006-3660, and CVE-2006-3590, although it is possible that they are all different.
14989| [CVE-2006-3652] Microsoft Internet Security and Acceleration (ISA) Server 2004 allows remote attackers to bypass file extension filters via a request with a trailing "#" character. NOTE: as of 20060715, this could not be reproduced by third parties.
14990| [CVE-2006-3651] Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via a crafted mail merge file, a different vulnerability than CVE-2006-3647 and CVE-2006-4693.
14991| [CVE-2006-3650] Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not properly parse the length of a chart record, which allows remote user-assisted attackers to execute arbitrary code via a Word document with an embedded malformed chart record that triggers an overwrite of pointer values with values from the document, a different vulnerability than CVE-2006-3434, CVE-2006-3864, and CVE-2006-3868.
14992| [CVE-2006-3649] Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK 6.0 through 6.4, as used by Microsoft Office 2000 SP3, Office XP SP3, Project 2000 SR1, Project 2002 SP1, Access 2000 Runtime SP3, Visio 2002 SP2, and Works Suite 2004 through 2006, allows user-assisted attackers to execute arbitrary code via unspecified document properties that are not verified when VBA is invoked to open documents.
14993| [CVE-2006-3648] Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 and 2003 SP1, allows remote attackers to execute arbitrary code via unspecified vectors involving unhandled exceptions, memory resident applications, and incorrectly "unloading chained exception."
14994| [CVE-2006-3647] Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word document, which overflows a 16-bit integer length value, aka "Memmove Code Execution," a different vulnerability than CVE-2006-3651 and CVE-2006-4693.
14995| [CVE-2006-3643] Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and 6 in Microsoft Windows 2000 SP4 permits access to local "HTML-embedded resource files" in the Microsoft Management Console (MMC) library, which allows remote authenticated users to execute arbitrary commands, aka "MMC Redirect Cross-Site Scripting Vulnerability."
14996| [CVE-2006-3590] mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows user-assisted attackers to execute arbitrary commands via a malformed shape container in a PPT file that leads to memory corruption, as exploited by Trojan.PPDropper.B, a different issue than CVE-2006-1540 and CVE-2006-3493.
14997| [CVE-2006-3510] The Remote Data Service Object (RDS.DataControl) in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (crash) via a series of operations that result in an invalid length calculation when using SysAllocStringLen, then triggers a buffer over-read.
14998| [CVE-2006-3493] Buffer overflow in LsCreateLine function (mso_203) in mso.dll and mso9.dll, as used by Microsoft Word and possibly other products in Microsoft Office 2003, 2002, and 2000, allows remote user-assisted attackers to cause a denial of service (crash) via a crafted Word DOC or other Office file type. NOTE: this issue was originally reported to allow code execution, but on 20060710 Microsoft stated that code execution is not possible, and the original researcher agrees.
14999| [CVE-2006-3449] Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, possibly a buffer overflow, allows user-assisted remote attackers to execute arbitrary commands via a malformed record in the BIFF file format used in a PPT file, a different issue than CVE-2006-1540, aka "Microsoft PowerPoint Malformed Record Vulnerability."
15000| [CVE-2006-3448] Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.
15001| [CVE-2006-3445] Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
15002| [CVE-2006-3444] Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
15003| [CVE-2006-3443] Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
15004| [CVE-2006-3441] Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
15005| [CVE-2006-3440] Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
15006| [CVE-2006-3439] Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
15007| [CVE-2006-3436] Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "ASP.NET controls that set the AutoPostBack property to true".
| [CVE-2006-3435] PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac does not properly parse the slide notes field in a document, which allows remote user-assisted attackers to execute arbitrary code via crafted data in this field, which triggers an erroneous object pointer calculation that uses data from within the document. NOTE: this issue is different than other PowerPoint vulnerabilities including CVE-2006-4694.
| [CVE-2006-3434] Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string that triggers memory corruption.
| [CVE-2006-3431] Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls. NOTE: Microsoft has confirmed to CVE via e-mail that this is different than the other Excel vulnerabilities announced before 20060707, including CVE-2006-3059 and CVE-2006-3086.
| [CVE-2006-3059] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors. NOTE: this is a different vulnerability than CVE-2006-3086.
| [CVE-2006-2492] Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack.
| [CVE-2006-2389] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with a malformed property that triggers memory corruption related to record lengths, aka "Microsoft Office Property Vulnerability," a different vulnerability than CVE-2006-1316.
| [CVE-2006-2388] Microsoft Office Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via malformed cell comments, which lead to modification of "critical data offsets" during the rebuilding process.
| [CVE-2006-2387] Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 for Mac, v.X for Mac, Excel Viewer 2003, and Microsoft Works Suite 2004 through 2006 allows user-assisted attackers to execute arbitrary code via a crafted DATETIME record in an XLS file, a different vulnerability than CVE-2006-3867 and CVE-2006-3875.
| [CVE-2006-2380] Microsoft Windows 2000 SP4 does not properly validate an RPC server during mutual authentication over SSL, which allows remote attackers to spoof an RPC server, aka the "RPC Mutual Authentication Vulnerability."
| [CVE-2006-2379] Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
| [CVE-2006-2378] Buffer overflow in the ART Image Rendering component (jgdw400.dll) in Microsoft Windows XP SP1 and Sp2, Server 2003 SP1 and earlier, and Windows 98 and Me allows remote attackers to execute arbitrary code via a crafted ART image that causes heap corruption.
| [CVE-2006-2374] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."
| [CVE-2006-2373] The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly for kernel memory, aka the "SMB Driver Elevation of Privilege Vulnerability."
| [CVE-2006-2372] Buffer overflow in the DHCP Client service for Microsoft Windows 2000 SP4, Windows XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a crafted DHCP response.
| [CVE-2006-2371] Buffer overflow in the Remote Access Connection Manager service (RASMAN) service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," that lead to registry corruption and stack corruption, aka the "RASMAN Registry Corruption Vulnerability."
| [CVE-2006-2370] Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
| [CVE-2006-2334] The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in Microsoft Windows 2000 SP4 and XP SP2 does not properly convert DOS style paths with trailing spaces into NT style paths, which allows context-dependent attackers to create files that cannot be accessed through the expected DOS path or prevent access to other similarly named files in the same directory, which prevents those files from being detected or disinfected by certain anti-virus and anti-spyware software.
| [CVE-2006-2094] Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
| [CVE-2006-2055] Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows user-assisted remote attackers to modify command line arguments to an invoked mail client via " (double quote) characters in a mailto: scheme handler, as demonstrated by launching Microsoft Outlook with an arbitrary filename as an attachment. NOTE: it is not clear whether this issue is implementation-specific or a problem in the Microsoft API.
| [CVE-2006-1654] Directory traversal vulnerability in the HP Color LaserJet 2500 Toolbox and Color LaserJet 4600 Toolbox on Microsoft Windows before 20060402 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 5225.
| [CVE-2006-1651] ** DISPUTED ** Microsoft ISA Server 2004 allows remote attackers to bypass certain filtering rules, including ones for (1) ICMP and (2) TCP, via IPv6 packets. NOTE: An established researcher has disputed this issue, saying that "Neither ISA Server 2004 nor Windows 2003 Basic Firewall support IPv6 filtering ... This is different network protocol."
| [CVE-2006-1540] MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll
| [CVE-2006-1316] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389.
| [CVE-2006-1315] The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to obtain sensitive information via crafted requests that leak information in SMB buffers, which are not properly initialized, aka "SMB Information Disclosure Vulnerability."
| [CVE-2006-1314] Heap-based buffer overflow in the Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP SP1 and SP2, Server 2003 up to SP1, and other products, allows remote attackers to execute arbitrary code via crafted first-class Mailslot messages that triggers memory corruption and bypasses size restrictions on second-class Mailslot messages.
| [CVE-2006-1313] Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on Windows XP, Server 2003, Windows 98 and Windows Me, will "release objects early" in certain cases, which results in memory corruption and allows remote attackers to execute arbitrary code.
| [CVE-2006-1311] The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1
| [CVE-2006-1309] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption.
| [CVE-2006-1308] Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value.
| [CVE-2006-1306] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability."
| [CVE-2006-1305] Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
| [CVE-2006-1304] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation."
| [CVE-2006-1302] Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability."
| [CVE-2006-1301] Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302.
| [CVE-2006-1300] Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1 allows remote attackers to bypass access restrictions via unspecified "URL paths" that can access Application Folder objects "explicitly by name."
| [CVE-2006-1257] The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice.
| [CVE-2006-1193] Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server 2000 SP1 through SP3, when running Outlook Web Access (OWA), allows user-assisted remote attackers to inject arbitrary HTML or web script via unknown vectors related to "HTML parsing."
| [CVE-2006-1184] Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0, 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to cause a denial of service (crash) via a BuildContextW request with a large (1) UuidString or (2) GuidIn of a certain length, which causes an out-of-range memory access, aka the MSDTC Denial of Service Vulnerability. NOTE: this is a variant of CVE-2005-2119.
| [CVE-2006-0988] The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
| [CVE-2006-0935] Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz.
| [CVE-2006-0187] By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
| [CVE-2006-0034] Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3 allows remote attackers to execute arbitrary code via a long fifth argument to the BuildContextW or BuildContext opcode, which triggers a bug in the NdrAllocate function, aka the MSDTC Invalid Memory Access Vulnerability.
| [CVE-2006-0033] Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
| [CVE-2006-0032] Cross-site scripting (XSS) vulnerability in the Indexing Service in Microsoft Windows 2000, XP, and Server 2003, when the Encoding option is set to Auto Select, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded URL, which is injected into an error message whose charset is set to UTF-7.
| [CVE-2006-0031] Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
| [CVE-2006-0030] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
| [CVE-2006-0029] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
| [CVE-2006-0028] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
| [CVE-2006-0023] Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit.
| [CVE-2006-0022] Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP1 and SP2, Office 2004 for Mac, and v. X for Mac allows user-assisted attackers to execute arbitrary code via a PowerPoint document with a malformed record, which triggers memory corruption.
| [CVE-2006-0021] Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
| [CVE-2006-0020] An unspecified Microsoft WMF parsing application, as used in Internet Explorer 5.01 SP4 on Windows 2000 SP4, and 5.5 SP2 on Windows Millennium, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute code via a crafted WMF file with a manipulated WMF header size, possibly involving an integer overflow, a different vulnerability than CVE-2005-4560, and aka "WMF Image Parsing Memory Corruption Vulnerability."
| [CVE-2006-0015] Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
| [CVE-2006-0013] Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote authenticated users or Guests to execute arbitrary code via crafted RPC requests, a different vulnerability than CVE-2005-1207.
| [CVE-2006-0012] Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability."
| [CVE-2006-0010] Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 up to SP1, Windows 98, and Windows ME allows remote attackers to execute arbitrary code via an e-mail message or web page with a crafted Embedded Open Type (EOT) web font that triggers the overflow during decompression.
| [CVE-2006-0009] Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
| [CVE-2006-0008] The ShellAbout API call in Korean Input Method Editor (IME) in Korean versions of Microsoft Windows XP SP1 and SP2, Windows Server 2003 up to SP1, and Office 2003, allows local users to gain privileges by launching the "shell about dialog box" and clicking the "End-User License Agreement" link, which executes Notepad with the privileges of the program that displays the about box.
| [CVE-2006-0007] Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted GIF image that triggers memory corruption when it is parsed.
| [CVE-2006-0006] Heap-based buffer overflow in the bitmap processing routine in Microsoft Windows Media Player 7.1 on Windows 2000 SP4, Media Player 9 on Windows 2000 SP4 and XP SP1, and Media Player 10 on XP SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted bitmap (.BMP) file that specifies a size of 0 but contains additional data.
| [CVE-2006-0004] Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with Internet Explorer that allows remote attackers to obtain sensitive information via a PowerPoint presentation that attempts to access objects in the Temporary Internet Files Folder (TIFF).
| [CVE-2006-0002] Unspecified vulnerability in Microsoft Outlook 2000 through 2003, Exchange 5.0 Server SP2 and 5.5 SP4, Exchange 2000 SP3, and Office allows remote attackers to execute arbitrary code via an e-mail message with a crafted Transport Neutral Encapsulation Format (TNEF) MIME attachment, related to message length validation.
| [CVE-2006-0001] Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted PUB file, which causes an overflow when parsing fonts.
| [CVE-2005-4717] Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.
| [CVE-2005-4269] mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer 6.0 SP1 allows attackers to cause a denial of service (access violation) by causing mshtml.dll to process button-focus events at the same time that a document is reloading, as seen in Microsoft Office InfoPath 2003 by repeatedly clicking the "Delete" button in a repeating section in a form. NOTE: the normal operation of InfoPath appears to involve a local user without any privilege boundaries, so this might not be a vulnerability in InfoPath. If no realistic scenarios exist for this problem in other products, then perhaps it should be excluded from CVE.
| [CVE-2005-4131] Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed range, which could lead to memory corruption involving an argument to the msvcrt.memmove function, aka "Brand new Microsoft Excel Vulnerability," as originally placed for sale on eBay as item number 7203336538.
| [CVE-2005-3981] ** DISPUTED ** NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
| [CVE-2005-3945] The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU consumption) via a flood of SYN packets that produce identical hash values, which slows down the hash table lookups.
| [CVE-2005-3644] PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
| [CVE-2005-3177] CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, Windows XP, and Windows Server 2003, when running in fix mode, does not properly handle security descriptors if the master file table contains a large number of files or if the descriptors do not satisfy certain NTFS conventions, which could cause ACLs for some files to be reverted to less secure defaults, or cause security descriptors to be removed.
| [CVE-2005-3176] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record the IP address of a Windows Terminal Services client in a security log event if the client connects successfully, which could make it easier for attackers to escape detection.
| [CVE-2005-3175] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local administrator to unlock a computer even if it has been locked by a domain administrator, which allows the local administrator to access the session as the domain administrator.
| [CVE-2005-3174] Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to log on to the domain, even when their password has expired, if the fully qualified domain name (FQDN) is 8 characters long.
| [CVE-2005-3173] Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply group policies if the user logs on using UPN credentials with a trailing dot, which prevents Windows 2000 from finding the correct domain controller and could allow the user to bypass intended restrictions.
| [CVE-2005-3172] The WideCharToMultiByte function in Microsoft Windows 2000 before Update Rollup 1 for SP4 does not properly convert strings with Japanese composite characters in the last character, which could prevent the string from being null terminated and lead to data corruption or enable buffer overflow attacks.
| [CVE-2005-3171] Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID 1704 to indicate that Group Policy security settings were successfully updated, even when the processing fails such as when Ntuser.pol cannot be accessed, which could cause system administrators to believe that the system is compliant with the specified settings.
| [CVE-2005-3170] The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.
| [CVE-2005-3169] Microsoft Windows 2000 before Update Rollup 1 for SP4, when the "audit directory service access" policy is enabled, does not record a 565 event message for File Delete Child operations on an Active Directory object in the security event log, which could allow attackers to conduct unauthorized activities without detection.
| [CVE-2005-3168] The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 for SP4, when using a security template to set Access Control Lists (ACLs) on folders, does not apply ACLs on folders that are listed after a long folder entry, which could result in less secure permissions than specified by the template.
| [CVE-2005-2122] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote attackers to execute arbitrary commands via a shortcut (.lnk) file with long font properties that lead to a buffer overflow in the Client/Server Runtime Server Subsystem (CSRSS), a different vulnerability than CVE-2005-2118.
| [CVE-2005-2120] Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
| [CVE-2005-2118] Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 allows remote user-assisted attackers to execute arbitrary commands via a crafted shortcut (.lnk) file with long font properties that lead to a buffer overflow when the user views the file's properties using Windows Explorer, a different vulnerability than CVE-2005-2122.
| [CVE-2005-2117] Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 does not properly handle certain HTML characters in preview fields, which allows remote user-assisted attackers to execute arbitrary code.
| [CVE-2005-1985] The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages.
| [CVE-2005-1984] Buffer overflow in the Print Spooler service (Spoolsv.exe) for Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via a malicious message.
| [CVE-2005-1983] Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
| [CVE-2005-1982] Unknown vulnerability in the PKINIT Protocol for Microsoft Windows 2000, Windows XP, and Windows Server 2003 could allow a local user to obtain information and spoof a server via a man-in-the-middle (MITM) attack between a client and a domain controller when PKINIT smart card authentication is being used.
| [CVE-2005-1981] Unknown vulnerability in Microsoft Windows 2000 Server and Windows Server 2003 domain controllers allows remote authenticated users to cause a denial of service (system crash) via a crafted Kerberos message.
| [CVE-2005-1907] The ISA Firewall service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (Wspsrv.exe crash) via a large amount of SecureNAT network traffic.
| [CVE-2005-1683] Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft Word for the Macintosh, before SP3 for Word 2002, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted mcw file.
| [CVE-2005-1218] The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
| [CVE-2005-1216] Microsoft ISA Server 2000 allows remote attackers to connect to services utilizing the NetBIOS protocol via a NetBIOS connection with an ISA Server that uses the NetBIOS (all) predefined packet filter.
| [CVE-2005-1215] Microsoft ISA Server 2000 allows remote attackers to poison the ISA cache or bypass content restriction policies via a malformed HTTP request packet containing multiple Content-Length headers.
| [CVE-2005-1208] Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via a crafted compiled Help (.CHM) file with a large size field that triggers a heap-based buffer overflow, as demonstrated using a "ms-its:" URL in Internet Explorer.
| [CVE-2005-1207] Buffer overflow in the Web Client service in Microsoft Windows XP and Windows Server 2003 allows remote authenticated users to execute arbitrary code via a crafted WebDAV request containing special parameters.
| [CVE-2005-1206] Buffer overflow in the Server Message Block (SMB) functionality for Microsoft Windows 2000, XP SP1 and SP2, and Server 2003 and SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka the "Server Message Block Vulnerability."
| [CVE-2005-1205] The Telnet client for Microsoft Windows XP, Windows Server 2003, and Windows Services for UNIX allows remote attackers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
| [CVE-2005-1052] Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.
| [CVE-2005-0921] Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.
| [CVE-2005-0820] Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
| [CVE-2005-0738] Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.
| [CVE-2005-0564] Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and Microsoft Works Suites 2000 through 2004, might allow remote attackers to execute arbitrary code via a .doc file with long font information.
| [CVE-2005-0558] Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.
| [CVE-2005-0551] Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.
| [CVE-2005-0550] Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".
| [CVE-2005-0545] Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.
| [CVE-2005-0063] The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.
| [CVE-2005-0061] The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.
| [CVE-2005-0060] Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.
| [CVE-2005-0059] Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
| [CVE-2005-0058] Buffer overflow in the Telephony Application Programming Interface (TAPI) for Microsoft Windows 98, Windows 98 SE, Windows ME, Windows 2000, Windows XP, and Windows Server 2003 allows attackers elevate privileges or execute arbitrary code via a crafted message.
| [CVE-2005-0048] Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."
| [CVE-2004-2527] The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
| [CVE-2004-2482] Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
| [CVE-2004-2365] Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard tool such as smbmount.
| [CVE-2004-2339] ** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed.
| [CVE-2004-1080] The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."
| [CVE-2004-0963] Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
| [CVE-2004-0897] The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
| [CVE-2004-0892] Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is included in Small Business Server 2000 and Small Business Server 2003 Premium Edition) allows remote attackers to spoof trusted Internet content on a specially crafted webpage via spoofed reverse DNS lookup results.
| [CVE-2004-0846] Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated.
| [CVE-2004-0840] The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.
| [CVE-2004-0728] The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
| [CVE-2004-0726] The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
| [CVE-2004-0575] Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
| [CVE-2004-0574] The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
| [CVE-2004-0573] Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website.
| [CVE-2004-0540] Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
| [CVE-2004-0503] Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
| [CVE-2004-0379] Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
| [CVE-2004-0284] Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
| [CVE-2004-0214] Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
| [CVE-2004-0211] The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
| [CVE-2004-0210] The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
| [CVE-2004-0209] Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
| [CVE-2004-0208] The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
| [CVE-2004-0207] "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
| [CVE-2004-0206] Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
| [CVE-2004-0204] Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx.
| [CVE-2004-0202] IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
| [CVE-2004-0201] Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
| [CVE-2004-0199] Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm).
| [CVE-2004-0124] The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability."
| [CVE-2004-0121] Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
| [CVE-2004-0120] The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
| [CVE-2004-0116] An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
| [CVE-2003-1378] Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077.
| [CVE-2003-1106] The SMTP service in Microsoft Windows 2000 before SP4 allows remote attackers to cause a denial of service (crash or hang) via an e-mail message with a malformed time stamp in the FILETIME attribute.
| [CVE-2003-0908] The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
| [CVE-2003-0906] Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
| [CVE-2003-0904] Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
| [CVE-2003-0839] Directory traversal vulnerability in the "Shell Folders" capability in Microsoft Windows Server 2003 allows remote attackers to read arbitrary files via .. (dot dot) sequences in a "shell:" link.
| [CVE-2003-0825] The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
| [CVE-2003-0824] Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Microsoft FrontPage Server Extensions 2000 and 2002, and Microsoft SharePoint Team Services 2002, allows remote attackers to cause a denial of service (response failure) via a certain request.
| [CVE-2003-0822] Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
| [CVE-2003-0821] Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
| [CVE-2003-0820] Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
| [CVE-2003-0819] Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
| [CVE-2003-0818] Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
| [CVE-2003-0807] Buffer overflow in the COM Internet Services and in the RPC over HTTP Proxy components for Microsoft Windows NT Server 4.0, NT 4.0 Terminal Server Edition, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service via a crafted request.
| [CVE-2003-0806] Buffer overflow in the Windows logon process (winlogon) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1, when a member of a domain, allows remote attackers to execute arbitrary code.
| [CVE-2003-0719] Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
| [CVE-2003-0665] Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
| [CVE-2003-0664] Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
| [CVE-2003-0662] Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Microsoft Windows 2000 SP4 and earlier allows remote attackers to execute arbitrary code via an HTML document with a long argument to the RunQuery2 method.
| [CVE-2003-0660] The Authenticode capability in Microsoft Windows NT through Server 2003 does not prompt the user to download and install ActiveX controls when the system is low on memory, which could allow remote attackers execute arbitrary code without user approval.
| [CVE-2003-0533] Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
| [CVE-2003-0526] Cross-site scripting (XSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to inject arbitrary web script via a URL containing the script in the domain name portion, which is not properly cleansed in the default error pages (1) 500.htm for "500 Internal Server error" or (2) 404.htm for "404 Not Found."
| [CVE-2003-0506] Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to cause a denial of service (shutdown of NetMeeting conference) via malformed packets, as demonstrated via the chat conversation.
| [CVE-2003-0505] Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to read arbitrary files via "..\.." (dot dot) sequences in a file transfer request.
| [CVE-2003-0496] Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xp_fileexist extended stored procedure with a named pipe as an argument instead of a normal file.
| [CVE-2003-0352] Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
| [CVE-2003-0345] Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, and NT allows remote attackers to cause a denial of service and possibly execute arbitrary code via an SMB packet that specifies a smaller buffer length than is required.
| [CVE-2003-0232] Microsoft SQL Server 7, 2000, and MSDE allows local users to execute arbitrary code via a certain request to the Local Procedure Calls (LPC) port that leads to a buffer overflow.
| [CVE-2003-0231] Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service (crash or hang) via a long request to a named pipe.
| [CVE-2003-0230] Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability.
| [CVE-2003-0227] The logging capability for unicast and multicast transmissions in the ISAPI extension for Microsoft Windows Media Services in Microsoft Windows NT 4.0 and 2000, nsiislog.dll, allows remote attackers to cause a denial of service in Internet Information Server (IIS) and execute arbitrary code via a certain network request.
| [CVE-2003-0118] SQL injection vulnerability in the Document Tracking and Administration (DTA) website of Microsoft BizTalk Server 2000 and 2002 allows remote attackers to execute operating system commands via a request to (1) rawdocdata.asp or (2) RawCustomSearchField.asp containing an embedded SQL statement.
| [CVE-2003-0117] Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ISAPI) of Microsoft BizTalk Server 2002 allows attackers to execute arbitrary code via a certain request to the HTTP receiver.
| [CVE-2003-0110] The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Microsoft Firewall service in Internet Security and Acceleration (ISA) Server 2000 allow remote attackers to cause a denial of service (CPU consumption or packet storm) via a spoofed, malformed packet to UDP port 1745.
| [CVE-2003-0109] Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
| [CVE-2003-0011] Unknown vulnerability in the DNS intrusion detection application filter for Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (blocked traffic to DNS servers) via a certain type of incoming DNS request that is not properly handled.
| [CVE-2003-0007] Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
| [CVE-2003-0003] Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
| [CVE-2003-0002] Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
| [CVE-2002-2101] Microsoft Outlook 2002 allows remote attackers to execute arbitrary JavaScript code, even when scripting is disabled, via an "about:" or "javascript:" URI in the href attribute of an "a" tag.
| [CVE-2002-2100] Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content.
| [CVE-2002-1984] Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windows XP allows remote attackers to cause a denial of service (crash) via an OBJECT tag that contains a crafted CLASSID (CLSID) value of "CLSID:00022613-0000-0000-C000-000000000046".
| [CVE-2002-1981] Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "public" role to execute the (1) sp_MSSetServerProperties or (2) sp_MSsetalertinfo stored procedures, which allows attackers to modify configuration including SQL server startup and alert settings.
| [CVE-2002-1933] The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal server window.
| [CVE-2002-1932] Microsoft Windows XP and Windows 2000, when configured to send administrative alerts and the "Do not overwrite events (clear log manually)" option is set, does not notify the administrator when the log reaches its maximum size, which allows local users and remote attackers to avoid detection.
| [CVE-2002-1876] Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS.
| [CVE-2002-1873] Microsoft Exchange 2000, when used with Microsoft Remote Procedure Call (MSRPC), allows remote attackers to cause a denial of service (crash or memory consumption) via malformed MSRPC calls.
| [CVE-2002-1872] Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled, uses weak password encryption (XOR), which allows remote attackers to sniff and decrypt the password.
| [CVE-2002-1776] ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Symantec Norton AntiVirus 2002 allows remote attackers to bypass virus protection via a Word Macro virus with a .nch or .dbx extension, which is automatically recognized and executed as a Microsoft Office document. NOTE: the vendor has disputed this issue, acknowledging that the initial scan is bypassed, but the Office plug-in would detect the virus before it is executed.
| [CVE-2002-1712] Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
| [CVE-2002-1256] The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
| [CVE-2002-1255] Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
| [CVE-2002-1214] Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
| [CVE-2002-1184] The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
| [CVE-2002-1145] The xp_runwebtask stored procedure in the Web Tasks component of Microsoft SQL Server 7.0 and 2000, Microsoft Data Engine (MSDE) 1.0, and Microsoft Desktop Engine (MSDE) 2000 can be executed by PUBLIC, which allows an attacker to gain privileges by updating a webtask that is owned by the database owner through the msdb.dbo.mswebtasks table, which does not have strong permissions.
| [CVE-2002-1141] An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
| [CVE-2002-1140] The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
| [CVE-2002-1138] Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
| [CVE-2002-1137] Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
| [CVE-2002-1123] Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
| [CVE-2002-1117] Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
| [CVE-2002-1056] Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
| [CVE-2002-0982] Microsoft SQL Server 2000 SP2, when configured as a distributor, allows attackers to execute arbitrary code via the @scriptfile parameter to the sp_MScopyscript stored procedure.
| [CVE-2002-0975] Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xweb.ocx) 2.0.6.15 and earlier allows remote attackers to execute arbitrary via a long File parameter.
| [CVE-2002-0863] Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and RDP 5.1 in Windows XP does not encrypt the checksums of plaintext session data, which could allow a remote attacker to determine the contents of encrypted sessions via sniffing, aka "Weak Encryption in RDP Protocol."
| [CVE-2002-0861] Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to bypass the "Allow paste operations via script" setting, even when it is disabled, via the (1) Copy method of the Cell object or (2) the Paste method of the Range object.
| [CVE-2002-0860] The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
| [CVE-2002-0859] Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
| [CVE-2002-0729] Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
| [CVE-2002-0727] The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
| [CVE-2002-0724] Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
| [CVE-2002-0721] Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
| [CVE-2002-0719] SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
| [CVE-2002-0718] Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
| [CVE-2002-0700] Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
| [CVE-2002-0699] Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.
| [CVE-2002-0695] Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
| [CVE-2002-0694] The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
| [CVE-2002-0693] Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute code via (1) a long parameter to the Alink function, or (2) script containing a long argument to the showHelp function.
15233| [CVE-2002-0692] Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
15234| [CVE-2002-0650] The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
15235| [CVE-2002-0649] Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
15236| [CVE-2002-0645] SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.
15237| [CVE-2002-0644] Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.
15238| [CVE-2002-0643] The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsoft SQL Server 2000 creates setup.iss files with insecure permissions and does not delete them after installation, which allows local users to obtain sensitive data, including weakly encrypted passwords, to gain privileges, aka "SQL Server Installation Process May Leave Passwords on System."
15239| [CVE-2002-0642] The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
15240| [CVE-2002-0641] Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows attackers with database administration privileges to execute arbitrary code via a long filename in the BULK INSERT query.
15241| [CVE-2002-0624] Buffer overflow in the password encryption function of Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, allows remote attackers to gain control of the database and execute arbitrary code via SQL Server Authentication, aka "Unchecked Buffer in Password Encryption Procedure."
15242| [CVE-2002-0623] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
15243| [CVE-2002-0622] The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
15244| [CVE-2002-0621] Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
15245| [CVE-2002-0620] Buffer overflow in the Profile Service of Microsoft Commerce Server 2000 allows remote attackers to cause the server to fail or run arbitrary code in the LocalSystem security context via an input field using an affected API.
15246| [CVE-2002-0619] The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
15247| [CVE-2002-0618] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
15248| [CVE-2002-0617] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
15249| [CVE-2002-0616] The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
15250| [CVE-2002-0597] LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
15251| [CVE-2002-0444] Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
15252| [CVE-2002-0443] Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
15253| [CVE-2002-0373] The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
15254| [CVE-2002-0371] Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
15255| [CVE-2002-0368] The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
15256| [CVE-2002-0224] The MSDTC (Microsoft Distributed Transaction Service Coordinator) for Microsoft Windows 2000, Microsoft IIS 5.0 and SQL Server 6.5 through SQL 2000 0.0 allows remote attackers to cause a denial of service (crash or hang) via malformed (random) input.
15257| [CVE-2002-0187] Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
15258| [CVE-2002-0186] Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
15259| [CVE-2002-0154] Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.
15260| [CVE-2002-0152] Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
15261| [CVE-2002-0055] SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
15262| [CVE-2002-0054] SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
15263| [CVE-2002-0050] Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
15264| [CVE-2002-0049] Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
15265| [CVE-2002-0034] The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
15266| [CVE-2002-0018] In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
15267| [CVE-2001-1533] ** DISPUTED * Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets. NOTE: the vendor disputes this issue, saying that it requires high bandwidth to exploit, and the server does not experience any instability. Therefore this "laws of physics" issue might not be included in CVE.
15268| [CVE-2001-1451] Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for Microsoft Windows 2000 before SP3, when the Print Spooler is not running, allows remote attackers to cause a denial of service (memory consumption) via a large number of GET or GETNEXT requests.
15269| [CVE-2001-1319] Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
15270| [CVE-2001-1099] The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
15271| [CVE-2001-0986] SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope parameter set to (1) webinfo, (2) extended_fileinfo, (3) extended_webinfo, or (4) fileinfo.
15272| [CVE-2001-0718] Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
15273| [CVE-2001-0666] Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
15274| [CVE-2001-0658] Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
15275| [CVE-2001-0628] Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
15276| [CVE-2001-0547] Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
15277| [CVE-2001-0546] Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
15278| [CVE-2001-0542] Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers with access to SQL Server to execute arbitrary code through the functions (1) raiserror, (2) formatmessage, or (3) xp_sprintf. NOTE: the C runtime format string vulnerability reported in MS01-060 is identified by CVE-2001-0879.
15279| [CVE-2001-0538] Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
15280| [CVE-2001-0509] Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 and earlier, (2) Microsoft SQL Server 2000 and earlier, (3) Windows NT 4.0, and (4) Windows 2000 allow remote attackers to cause a denial of service via malformed inputs.
15281| [CVE-2001-0505] Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed requests to (1) the Telnet service, or (2) the NFS service.
15282| [CVE-2001-0504] Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activites such as mail relaying.
15283| [CVE-2001-0501] Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
15284| [CVE-2001-0351] Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
15285| [CVE-2001-0350] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of this vulnerability.
15286| [CVE-2001-0349] Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the first of two variants of this vulnerability.
15287| [CVE-2001-0348] Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
15288| [CVE-2001-0347] Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
15289| [CVE-2001-0346] Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
15290| [CVE-2001-0345] Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
15291| [CVE-2001-0344] An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
15292| [CVE-2001-0340] An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
15293| [CVE-2001-0261] Microsoft Windows 2000 Encrypted File System does not properly destroy backups of files that are encrypted, which allows a local attacker to recover the text of encrypted files.
15294| [CVE-2001-0245] Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
15295| [CVE-2001-0244] Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
15296| [CVE-2001-0240] Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
15297| [CVE-2001-0239] Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
15298| [CVE-2001-0237] Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
15299| [CVE-2001-0146] IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a denial of service (memory allocation error) by repeatedly sending a series of specially formatted URL's.
15300| [CVE-2001-0048] The "Configure Your Server" tool in Microsoft 2000 domain controllers installs a blank password for the Directory Service Restore Mode, which allows attackers with physical access to the controller to install malicious programs, aka the "Directory Service Restore Mode Password" vulnerability.
15301| [CVE-2001-0005] Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
15302| [CVE-2001-0003] Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
15303| [CVE-2000-1218] The default configuration for the domain name resolver for Microsoft Windows 98, NT 4.0, 2000, and XP sets the QueryIpMatching parameter to 0, which causes Windows to accept DNS updates from hosts that it did not query, which allows remote attackers to poison the DNS cache.
15304| [CVE-2000-1217] Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a non-Windows 2000 domain and using NTLM authentication, and when credentials of an account are locally cached, allows local users to bypass account lockout policies and make an unlimited number of login attempts, aka the "Domain Account Lockout" vulnerability.
15305| [CVE-2000-1209] The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.
15306| [CVE-2000-1139] The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
15307| [CVE-2000-1088] The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
15308| [CVE-2000-1087] The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
15309| [CVE-2000-1086] The xp_printstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
15310| [CVE-2000-1085] The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
15311| [CVE-2000-1079] Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
15312| [CVE-2000-0942] The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
15313| [CVE-2000-0854] When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
15314| [CVE-2000-0771] Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
15315| [CVE-2000-0765] Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
15316| [CVE-2000-0756] Microsoft Outlook 2000 does not properly process long or malformed fields in vCard (.vcf) files, which allows attackers to cause a denial of service.
15317| [CVE-2000-0710] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
15318| [CVE-2000-0709] The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
15319| [CVE-2000-0637] Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
15320| [CVE-2000-0621] Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
15321| [CVE-2000-0597] Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
15322| [CVE-2000-0331] Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
15323| [CVE-2000-0277] Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
15324| [CVE-2013-2557] The sandbox protection mechanism in Microsoft Internet Explorer 9 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
15325| [CVE-2013-2556] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR protection mechanism via unknown vectors, as demonstrated against Adobe Flash Player by VUPEN during a Pwn2Own competition at CanSecWest 2013.
15326| [CVE-2013-2554] Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0787.
15327| [CVE-2013-2553] Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than CVE-2013-0912.
15328| [CVE-2013-2552] Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows 8 allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a Medium integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013.
15329| [CVE-2013-2551] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.
15330| [CVE-2013-1347] Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly allocated or (2) is deleted, as exploited in the wild in May 2013.
15331| [CVE-2013-1305] HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT allows remote attackers to cause a denial of service (infinite loop) via a crafted HTTP header, aka "HTTP.sys Denial of Service Vulnerability."
15332| [CVE-2013-1290] Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
15333| [CVE-2013-1289] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1, Groove Server 2010 SP1, SharePoint Foundation 2010 SP1, and Office Web Apps 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted string, aka "HTML Sanitization Vulnerability."
| [CVE-2013-1284] Race condition in the kernel in Microsoft Windows 8, Windows Server 2012, and Windows RT allows local users to gain privileges via a crafted application that leverages improper handling of objects in memory, aka "Kernel Race Condition Vulnerability."
| [CVE-2013-0096] Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Handling Vulnerability."
| [CVE-2013-0086] Microsoft OneNote 2010 SP1 does not properly determine buffer sizes during memory allocation, which allows remote attackers to obtain sensitive information via a crafted OneNote file, aka "Buffer Size Validation Vulnerability."
| [CVE-2013-0085] Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
| [CVE-2013-0084] Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
| [CVE-2013-0083] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via crafted content, leading to administrative command execution, aka "SharePoint XSS Vulnerability."
| [CVE-2013-0080] Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
| [CVE-2013-0079] Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file that triggers incorrect memory allocation, aka "Visio Viewer Tree Object Type Confusion Vulnerability."
| [CVE-2013-0005] The WCF Replace function in the Open Data (aka OData) protocol implementation in Microsoft .NET Framework 3.5, 3.5 SP1, 3.5.1, and 4, and the Management OData IIS Extension on Windows Server 2012, allows remote attackers to cause a denial of service (resource consumption and daemon restart) via crafted values in HTTP requests, aka "Replace Denial of Service Vulnerability."
| [CVE-2012-4969] Use-after-free vulnerability in the CMshtmlEd::Exec function in mshtml.dll in Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code via a crafted web site, as exploited in the wild in September 2012.
| [CVE-2012-4792] Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.
| [CVE-2012-3456] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in Calligra 2.4.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3455, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
| [CVE-2012-3455] Heap-based buffer overflow in the read function in filters/words/msword-odf/wv2/src/styles.cpp in the Microsoft import filter in KOffice 2.3.3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted ODF style in an ODF document. NOTE: this is the same vulnerability as CVE-2012-3456, but it was SPLIT by the CNA even though Calligra and KOffice share the same codebase.
| [CVE-2012-2290] The client in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375 allows remote attackers to execute arbitrary code by sending a crafted message over a TCP communication channel.
| [CVE-2012-2284] The (1) install and (2) upgrade processes in EMC NetWorker Module for Microsoft Applications (NMM) 2.2.1, 2.3 before build 122, and 2.4 before build 375, when Exchange Server is used, allow local users to read cleartext administrator credentials via unspecified vectors.
| [CVE-2012-1945] Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, Thunderbird 5.0 through 12.0, Thunderbird ESR 10.x before 10.0.5, and SeaMonkey before 2.10 allow local users to obtain sensitive information via an HTML document that loads a shortcut (aka .lnk) file for display within an IFRAME element, as demonstrated by a network share implemented by (1) Microsoft Windows or (2) Samba.
| [CVE-2012-1894] Microsoft Office for Mac 2011 uses world-writable permissions for the "Applications/Microsoft Office 2011/" directory and certain other directories, which allows local users to gain privileges by placing a Trojan horse executable file in one of these directories, aka "Office for Mac Improper Folder Permissions Vulnerability."
| [CVE-2012-1892] Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
| [CVE-2012-1891] Heap-based buffer overflow in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2 and Windows Data Access Components (WDAC) 6.0 allows remote attackers to execute arbitrary code via crafted XML data that triggers access to an uninitialized object in memory, aka "ADO Cachesize Heap Overflow RCE Vulnerability."
| [CVE-2012-1888] Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 allows remote attackers to execute arbitrary code via a crafted Visio file, aka "Visio DXF File Format Buffer Overflow Vulnerability."
| [CVE-2012-1876] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
| [CVE-2012-1861] Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
| [CVE-2012-1859] Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
| [CVE-2012-1857] Cross-site scripting (XSS) vulnerability in the Enterprise Portal component in Microsoft Dynamics AX 2012 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Dynamics AX Enterprise Portal XSS Vulnerability."
| [CVE-2012-1849] Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
| [CVE-2012-1545] Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
| [CVE-2012-1436] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \2D\6C\68 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-1435] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \50\4B\4C\49\54\45 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-1434] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \19\04\00\10 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-1433] The Microsoft EXE file parser in AhnLab V3 Internet Security 2011.01.18.00, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, and Panda Antivirus 10.0.2.7 allows remote attackers to bypass malware detection via an EXE file with a \4a\46\49\46 character sequence at a certain location. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different EXE parser implementations.
| [CVE-2012-0447] Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize data for image/vnd.microsoft.icon images, which allows remote attackers to obtain potentially sensitive information by reading a PNG image that was created through conversion from an ICO image.
| [CVE-2012-0147] Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 does not properly configure the default web site, which allows remote attackers to obtain sensitive information via a crafted HTTPS request, aka "Unfiltered Access to UAG Default Website Vulnerability."
| [CVE-2012-0146] Open redirect vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 Update 1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL, aka "UAG Blind HTTP Redirect Vulnerability."
| [CVE-2012-0145] Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
| [CVE-2012-0144] Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
| [CVE-2012-0138] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0137.
| [CVE-2012-0137] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0136, and CVE-2012-0138.
| [CVE-2012-0136] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0020, CVE-2012-0137, and CVE-2012-0138.
| [CVE-2012-0020] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0019, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
| [CVE-2012-0019] Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle memory during the parsing of files, which allows remote attackers to execute arbitrary code via crafted attributes in a Visio file, aka "VSD File Format Memory Corruption Vulnerability," a different vulnerability than CVE-2012-0020, CVE-2012-0136, CVE-2012-0137, and CVE-2012-0138.
| [CVE-2012-0018] Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate attributes in Visio files, which allows remote attackers to execute arbitrary code via a crafted file, aka "VSD File Format Memory Corruption Vulnerability."
| [CVE-2012-0017] Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
| [CVE-2011-4695] Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
| [CVE-2011-2012] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 does not properly validate session cookies, which allows remote attackers to cause a denial of service (IIS outage) via unspecified network traffic, aka "Null Session Cookie Crash."
| [CVE-2011-2010] The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
| [CVE-2011-1969] Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
| [CVE-2011-1897] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Default Reflected XSS Vulnerability."
| [CVE-2011-1896] Cross-site scripting (XSS) vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "ExcelTable Reflected XSS Vulnerability."
| [CVE-2011-1895] CRLF injection vulnerability in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting attacks and cross-site scripting (XSS) attacks, via unspecified vectors, aka "ExcelTable Response Splitting XSS Vulnerability."
| [CVE-2011-1891] Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
| [CVE-2011-1890] Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
| [CVE-2011-1889] The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
| [CVE-2011-1417] Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 and MobileSafari in Apple iOS before 4.2.7 and 4.3.x before 4.3.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a Microsoft Office document with a crafted size field in the OfficeArtMetafileHeader, related to OfficeArtBlip, as demonstrated on the iPhone by Charlie Miller and Dion Blazakis during a Pwn2Own competition at CanSecWest 2011.
| [CVE-2011-1347] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to bypass Protected Mode and create arbitrary files by leveraging access to a Low integrity process, as demonstrated by Stephen Fewer as the third of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
| [CVE-2011-1346] Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Stephen Fewer as the second of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011.
| [CVE-2011-1345] Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, as demonstrated by Stephen Fewer as the first of three chained vulnerabilities during a Pwn2Own competition at CanSecWest 2011, aka "Object Management Memory Corruption Vulnerability."
| [CVE-2011-1265] The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and Windows 7 Gold and SP1 does not prevent access to objects in memory that (1) were not properly initialized or (2) have been deleted, which allows remote attackers to execute arbitrary code via crafted Bluetooth packets, aka "Bluetooth Stack Vulnerability."
| [CVE-2011-0653] Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
| [CVE-2011-0647] The irccd.exe service in EMC Replication Manager Client before 5.3 and NetWorker Module for Microsoft Applications 2.1.x and 2.2.x allows remote attackers to execute arbitrary commands via the RunProgram function to TCP port 6542.
| [CVE-2011-0627] Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and Solaris and before 10.3.185.21 on Android allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content, as possibly exploited in the wild in May 2011 by a Microsoft Office document with an embedded .swf file.
| [CVE-2011-0037] Microsoft Malware Protection Engine before 1.1.6603.0, as used in Microsoft Malicious Software Removal Tool (MSRT), Windows Defender, Security Essentials, Forefront Client Security, Forefront Endpoint Protection 2010, and Windows Live OneCare, allows local users to gain privileges via a crafted value of an unspecified user registry key.
| [CVE-2011-0027] Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, does not properly validate memory allocation for internal data structures, which allows remote attackers to execute arbitrary code, possibly via a large CacheSize property that triggers an integer wrap and a buffer overflow, aka "ADO Record Memory Vulnerability." NOTE: this might be a duplicate of CVE-2010-1117 or CVE-2010-1118.
| [CVE-2011-0026] Integer signedness error in the SQLConnectW function in an ODBC API (odbc32.dll) in Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows Data Access Components (WDAC) 6.0, allows remote attackers to execute arbitrary code via a long string in the Data Source Name (DSN) and a crafted szDSN argument, which bypasses a signed comparison and leads to a buffer overflow, aka "DSN Overflow Vulnerability."
| [CVE-2010-4643] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted Truevision TGA (TARGA) file in an ODF or Microsoft Office document.
| [CVE-2010-4253] Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
| [CVE-2010-4121] ** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning Manager for OS Deployment 7.1.1.3 does not require authentication for SQL statements, which allows remote attackers to modify, create, or read database records via a session on TCP port 2020. NOTE: the vendor disputes this issue, stating that the "default Microsoft Access database is not password protected because it is intended to be used for evaluation purposes only."
| [CVE-2010-3967] Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
| [CVE-2010-3962] Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
| [CVE-2010-3936] Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS in Signurl.asp Vulnerability."
| [CVE-2010-3889] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Microsoft researchers and other researchers.
| [CVE-2010-3888] Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
| [CVE-2010-3497] Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
| [CVE-2010-3454] Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted typography information in a Microsoft Word .DOC file that triggers an out-of-bounds write.
| [CVE-2010-3453] The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8 data in a Microsoft Word document, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted .DOC file that triggers an out-of-bounds write.
| [CVE-2010-3141] Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
| [CVE-2010-2743] The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
| [CVE-2010-2734] Cross-site scripting (XSS) vulnerability in the mobile portal in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "XSS Issue on UAG Mobile Portal Website in Forefront Unified Access Gateway Vulnerability."
| [CVE-2010-2733] Cross-site scripting (XSS) vulnerability in the Web Monitor in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "UAG XSS Allows EOP Vulnerability."
| [CVE-2010-2732] Open redirect vulnerability in the web interface in Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, 2010 Update 1, and 2010 Update 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, aka "UAG Redirection Spoofing Vulnerability."
| [CVE-2010-2564] Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted project file, aka "Movie Maker Memory Corruption Vulnerability."
| [CVE-2010-1184] The Microsoft wireless keyboard uses XOR encryption with a key derived from the MAC address, which makes it easier for remote attackers to obtain keystroke information and inject arbitrary commands via a nearby wireless device, as demonstrated by Keykeriki 2.
| [CVE-2010-1118] Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
| [CVE-2010-1117] Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to discover the base address of a Windows .dll file, and possibly have unspecified other impact, via unknown vectors, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
| [CVE-2010-0806] Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
| [CVE-2010-0716] _layouts/Upload.aspx in the Documents module in Microsoft SharePoint before 2010 uses URLs with the same hostname and port number for a web site's primary files and individual users' uploaded files (aka attachments), which allows remote authenticated users to leverage same-origin relationships and conduct cross-site scripting (XSS) attacks by uploading TXT files, a related issue to CVE-2008-5026. NOTE: the vendor disputes the significance of this issue, because cross-domain isolation can be implemented when needed.
| [CVE-2009-3555] The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
| [CVE-2008-5750] Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
| [CVE-2008-5556] ** DISPUTED ** The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not recognize attack patterns designed to operate against web pages that are encoded with utf-7, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting crafted utf-7 content. NOTE: the vendor reportedly disputes this issue, stating "Behaviour is by design."
| [CVE-2008-5555] Microsoft Internet Explorer 8.0 Beta 2 relies on the XDomainRequestAllowed HTTP header to authorize data exchange between domains, which allows remote attackers to bypass the product's XSS Filter protection mechanism, and conduct XSS and cross-domain attacks, by injecting this header after a CRLF sequence, related to "XDomainRequest Allowed Injection (XAI)." NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
| [CVE-2008-5554] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not properly handle some HTTP headers that appear after a CRLF sequence in a URI, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS or redirection attacks, as demonstrated by the (1) Location and (2) Set-Cookie HTTP headers. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
| [CVE-2008-5553] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables itself upon encountering a certain X-XSS-Protection HTTP header, which allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting this header after a CRLF sequence. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
| [CVE-2008-5552] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks via a CRLF sequence in conjunction with a crafted Content-Type header, as demonstrated by a header with a utf-7 charset value. NOTE: the vendor has reportedly stated that the XSS Filter intentionally does not attempt to "address every conceivable XSS attack scenario."
| [CVE-2008-5551] The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote attackers to bypass the XSS protection mechanism and conduct XSS attacks by injecting data at two different positions within an HTML document, related to STYLE elements and the CSS expression property, aka a "double injection."
| [CVE-2008-5180] Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
| [CVE-2008-4211] Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and (2) Office Viewer in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a crafted Microsoft Excel file that triggers an out-of-bounds memory access, related to "handling of columns."
| [CVE-2007-5351] Unspecified vulnerability in Server Message Block Version 2 (SMBv2) signing support in Microsoft Windows Vista allows remote attackers to force signature re-computation and execute arbitrary code via a crafted SMBv2 packet, aka "SMBv2 Signing Vulnerability."
| [CVE-2007-2729] Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, and probably older Comodo Firewall versions, do not properly test for equivalence of process identifiers for certain Microsoft Windows API functions in the NT kernel 5.0 and greater, which allows local users to call these functions, and bypass firewall rules or gain privileges, via a modified identifier that is one, two, or three greater than the canonical identifier.
| [CVE-2007-1534] DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains available for remote connections on TCP port 5722 for 2 minutes after Windows Meeting Space is closed, which allows remote attackers to have an unknown impact by connecting to this port during the time window.
| [CVE-2007-0341] Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and earlier, when Microsoft Internet Explorer 6 is used, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in a CSS style in the convcharset parameter to the top-level URI, a different vulnerability than CVE-2005-0992.
| [CVE-2006-5559] The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control objects (ADODB.Connection.2.7 and ADODB.Connection.2.8) in the Microsoft Data Access Components (MDAC) 2.5 SP3, 2.7 SP1, 2.8, and 2.8 SP1 does not properly track freed memory when the second argument is a BSTR, which allows remote attackers to cause a denial of service (Internet Explorer crash) and possibly execute arbitrary code via certain strings in the second and third arguments.
| [CVE-2006-4686] Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page.
| [CVE-2006-4685] The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains.
15436| [CVE-2006-1359] Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
15437| [CVE-2006-0761] Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchange, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device.
15438| [CVE-2006-0753] Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status.
15439| [CVE-2006-0544] urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash or hyphen) characters.
15440| [CVE-2006-0003] Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
15441| [CVE-2005-1929] Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) relay.dll in Trend Micro ServerProtect Management Console 5.58 and earlier, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, allow remote attackers to execute arbitrary code via "wrapped" length values in Chunked transfer requests. NOTE: the original report suggests that the relay.dll issue is related to a problem in which a Microsoft Foundation Classes (MFC) static library returns invalid values under heavy load. As such, this might not be a vulnerability in Trend Micro's product.
15442| [CVE-2005-0852] Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.
15443| [CVE-2004-1322] Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
15444| [CVE-2003-1306] Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
15445| [CVE-2003-0903] Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
15446| [CVE-2003-0353] Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
15447| [CVE-2002-1918] Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding this issue, perhaps it should be REJECTED.
15448| [CVE-2002-1142] Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
15449| [CVE-2002-1015] RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
15450| [CVE-2002-0697] Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
15451| [CVE-2002-0057] XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
15452| [CVE-2001-1218] Microsoft Internet Explorer for Unix 5.0SP1 allows local users to possibly cause a denial of service (crash) in CDE or the X server on Solaris 2.6 by rapidly scrolling Chinese characters or maximizing the window.
15453| [CVE-2000-0563] The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier and the Microsoft virtual machine (VM) for MacOS allows a malicious web site operator to connect to arbitrary hosts using a HTTP redirection, in violation of the Java security model.
15454| [CVE-1999-1097] Microsoft NetMeeting 2.1 allows one client to read the contents of another client's clipboard via a CTRL-C in the chat box when the box is empty.
15455|
15456| SecurityFocus - https://www.securityfocus.com/bid/:
15457| [83154] Microsoft Windows 2000 Server CVE-2004-0540 Remote Security Vulnerability
15458| [45297] Microsoft Exchange Server 2007 Infinite Loop Remote Denial of Service Vulnerability
15459| [43419] Microsoft Excel 2002 Memory Corruption Vulnerability
15460| [43189] Microsoft Visual C++ 2008 Redistributable Package DLL Loading Arbitrary Code Execution Vulnerability
15461| [42742] Microsoft PowerPoint 2007 Multiple DLL Loading Arbitrary Code Execution Vulnerability
15462| [42695] Microsoft Groove 2007 'mso.dll' DLL Loading Arbitrary Code Execution Vulnerability
15463| [42681] Microsoft Visio 2003 'mfc71enu.dll' DLL Loading Arbitrary Code Execution Vulnerability
15464| [41843] Microsoft Outlook Web Access for Exchange Server 2003 Cross Site Request Forgery Vulnerability
15465| [39776] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
15466| [37196] RETIRED: Microsoft December 2009 Advance Notification Multiple Vulnerabilities
15467| [36940] RETIRED: Microsoft November 2009 Advance Notification Multiple Vulnerabilities
15468| [36633] RETIRED: Microsoft October 2009 Advance Notification Multiple Vulnerabilities
15469| [36239] RETIRED: Microsoft September 2009 Advance Notification Multiple Vulnerabilities
15470| [35974] RETIRED: Microsoft August 2009 Advance Notification Multiple Vulnerabilities
15471| [35617] RETIRED: Microsoft July 2009 Advance Notification Multiple Vulnerabilities
15472| [35213] RETIRED: Microsoft June 2009 Advance Notification Multiple Vulnerabilities
15473| [34867] RETIRED: Microsoft May 2009 Advance Notification Multiple Vulnerabilities
15474| [34532] Microsoft IAG 2007 ActiveX Control Multiple Stack Based Buffer Overflow Vulnerabilities
15475| [34469] Microsoft Word 2000 WordPerfect Converter Remote Code Execution Vulnerability
15476| [34450] RETIRED: Microsoft April 2009 Advance Notification Multiple Vulnerabilities
15477| [34005] RETIRED: Microsoft March 2009 Advance Notification Multiple Vulnerabilities
15478| [33639] RETIRED: Microsoft February 2009 Advance Notification Multiple Vulnerabilities
15479| [33170] RETIRED: Microsoft January 2009 Advance Notification Multiple Vulnerabilities
15480| [32632] RETIRED: Microsoft December 2008 Advance Notification Multiple Vulnerabilities
15481| [32153] Retired: Microsoft November 2008 Advance Notification Multiple Vulnerabilities
15482| [31667] Retired: Microsoft October 2008 Advance Notification Multiple Vulnerabilities
15483| [31129] RETIRED: Microsoft SQL Server 2000 'sqlvdir.dll' ActiveX Buffer Overflow Vulnerability
15484| [31014] RETIRED: Microsoft September 2008 Advance Notification Multiple Vulnerabilities
15485| [30593] RETIRED: Microsoft August 2008 Advance Notification Multiple Vulnerabilities
15486| [30075] RETIRED: Microsoft July 2008 Advance Notification Multiple Vulnerabilities
15487| [29576] RETIRED: Microsoft June 2008 Advance Notification Multiple Vulnerabilities
15488| [29108] RETIRED: Microsoft May 2008 Advance Notification Multiple Vulnerabilities
15489| [28598] RETIRED: Microsoft April 2008 Advance Notification Multiple Vulnerabilities
15490| [28124] Retired: Microsoft March 2008 Advance Notification Multiple Vulnerabilities
15491| [27674] RETIRED: Microsoft February 2008 Advance Notification Multiple Vulnerabilities
15492| [27119] RETIRED: Microsoft January 2008 Advance Notification Multiple Vulnerabilities
15493| [26739] RETIRED: Microsoft December 2007 Advance Notification Multiple Vulnerabilities
15494| [26414] Microsoft Forms 2.0 ActiveX Control Memory Access Violation Denial of Service Vulnerabilities
15495| [26380] Retired: Microsoft November 2007 Advance Notification Multiple Vulnerabilities
15496| [25991] RETIRED: Microsoft Office 2000 and XP Unspecified Word Document Handling DoS Vulnerability
15497| [25922] RETIRED: Microsoft October 2007 Advance Notification Multiple Vulnerabilities
15498| [25573] RETIRED: Microsoft September 2007 Advance Notification Multiple Vulnerabilities
15499| [25247] Retired: Microsoft August 2007 Advance Notification Multiple Vulnerabilities
15500| [24771] Retired: Microsoft July 2007 Advance Notification Multiple Vulnerabilities
15501| [24366] RETIRED: Microsoft June 2007 Advance Notification Multiple Vulnerabilities
15502| [24118] Microsoft Office 2000 UA OUACTRL.OCX ActiveX Control Buffer Overflow Vulnerability
15503| [23800] RETIRED: Microsoft May 2007 Advance Notification Multiple Vulnerabilities
15504| [23380] Microsoft Word 2007 WWLib.DLL Unspecified Document File Buffer Overflow Vulnerability
15505| [23335] RETIRED: Microsoft April 2007 Advance Notification Multiple Vulnerabilities
15506| [22716] Microsoft Office 2003 Denial of Service Vulnerability
15507| [22567] Microsoft Word 2000/2002 Document Stream Remote Code Execution Vulnerability
15508| [22328] RETIRED: Microsoft Word 2003 Unspecified Code Execution Vulnerability
15509| [22225] Microsoft Word 2000 Malformed Function Code Execution Vulnerability
15510| [21611] Microsoft Project Server 2003 PDSRequest.ASP XML Request Information Disclosure Vulnerability
15511| [21495] Microsoft Windows 2000 Remote Installation Service Remote Code Execution Vulnerability
15512| [20843] Microsoft Visual Studio 2005 WMI Object Broker Remote Code Execution Vulnerability
15513| [19636] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
15514| [19388] Microsoft Windows 2000 Kernel Local Privilege Escalation Vulnerability
15515| [17134] Microsoft Commerce Server 2002 Authentication Bypass Vulnerability
15516| [16634] Microsoft PowerPoint 2000 Remote Information Disclosure Vulnerability
15517| [14772] Microsoft Exchange Server 2003 Exchange Information Store Denial Of Service Vulnerability
15518| [14093] Microsoft Update Rollup 1 for Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
15519| [13564] Microsoft SQL Server 2000 Multiple Vulnerabilities
15520| [13008] Microsoft Windows Server 2003 SMB Redirector Local Denial Of Service Vulnerability
15521| [12972] Microsoft Windows Server 2003 Service Pack 1 Released - Multiple Vulnerabilities Fixed
15522| [12913] Microsoft Outlook 2002 Connector For IBM Lotus Domino Policy Bypass Vulnerability
15523| [12824] Microsoft InfoPath 2003 Insecure Information Storage Vulnerability
15524| [12641] Microsoft Windows 2000 Group Policy Bypass Vulnerability
15525| [12141] Microsoft FrontPage 2000 Internet Publishing Service Provider DAV File Upload Vulnerability
15526| [11820] Microsoft Windows 2000 Resource Kit W3Who.DLL Multiple Remote Vulnerabilities
15527| [11446] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
15528| [11387] Microsoft Windows 2003 Services Default SACL Access Right Weakness
15529| [10901] Microsoft Windows 2000/XP CRL File Failed Integrity Check Denial Of Service Vulnerability
15530| [10693] Microsoft Windows 2000 Media Player Control Media Preview Script Execution Vulnerability
15531| [10484] Microsoft ISA Server 2000 FTP Bounce Filtering Vulnerability
15532| [10480] Microsoft ISA Server 2000 Site And Content Rule Bypass Vulnerability
15533| [10440] Microsoft Windows 2000 Domain Expired Account Security Policy Violation Weakness
15534| [10369] Microsoft Outlook 2003 Media File Script Execution Vulnerability
15535| [10307] Microsoft Outlook 2003 Predictable File Location Weakness
15536| [10114] Microsoft Windows 2000 Domain Controller LDAP Denial Of Service Vulnerability
15537| [9409] Microsoft Exchange Server 2003 Outlook Web Access Random Mailbox Access Vulnerability
15538| [9408] Microsoft ISA Server 2000 H.323 Filter Remote Buffer Overflow Vulnerability
15539| [9118] Microsoft Exchange Server 2003 Outlook Web Access Lowered Security Settings Weakness
15540| [8833] Microsoft Windows 2000 TroubleShooter ActiveX Control Buffer Overflow Vulnerability
15541| [8522] Multiple Microsoft Windows 2003 Stack Protection Implementation Weaknesses
15542| [8397] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
15543| [8104] Microsoft Windows 2000 Unauthorized RPC Connection Weakness
15544| [8098] Microsoft Windows 2000 Terminal Services Named Pipe System Account Access Vulnerability
15545| [8093] Microsoft Windows 2000 Active Directory Forest Origin Validation Vulnerability
15546| [8090] Microsoft Windows 2000 ShellExecute() Buffer Overflow Vulnerability
15547| [8089] Microsoft Windows 2000 Unspecified Cryptnet.DLL Memory Leakage Vulnerability
15548| [8086] Microsoft Windows 2000 Port Name Buffers Potential Buffer Overflow Vulnerability
15549| [8085] Microsoft Windows 2000 ModifyDN Request Denial of Service Vulnerability
15550| [8083] Microsoft Windows 2000 Domain Controller Spoofing Vulnerability
15551| [8081] Microsoft Windows 2000 USBH_IoctlGetNodeConnectionDriverKeyName Information Disclosure Vulnerability
15552| [8063] Microsoft Commerce Server 2002 Weak Registry Key Permissions Weakness
15553| [8045] Microsoft Windows 2000 SP4 Released - Multiple Vulnerabilities Fixed
15554| [7930] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
15555| [7788] Microsoft Windows 2000/XP/2003 IPV6 ICMP Flood Denial Of Service Vulnerability
15556| [7469] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
15557| [7360] Microsoft Windows 2000/XP Registry Editor Custom Permissions Weakness
15558| [7102] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
15559| [6769] Microsoft Windows 2000 RPC Service Privilege Escalation Vulnerability
15560| [6766] Microsoft Windows 2000 NetBIOS Continuation Packets Kernel Memory Leak Vulnerability
15561| [6667] Microsoft Outlook 2002 V1 Exchange Server Security Certificate Information Leakage Vulnerability
15562| [6319] Microsoft Outlook 2002 Email Header Processing Denial of Service Vulnerability
15563| [6030] Microsoft Windows 2000 SNMP Printer Query Denial of Service Vulnerability
15564| [5972] Microsoft Windows 2000/XP Full Event Log Administrative Alert Weakness
15565| [5922] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
15566| [5480] Microsoft Windows 2000 Network Connection Manager Privilege Elevation Vulnerability
15567| [5422] Microsoft Content Management Server 2001 SQL Injection Vulnerability
15568| [5421] Microsoft Content Management Server 2001 Arbitrary Upload Location Vulnerability
15569| [5420] Microsoft Content Management Server 2001 User Authentication Buffer Overflow Vulnerability
15570| [5415] Microsoft Windows 2000 Insecure Default File Permissions Vulnerability
15571| [5413] Microsoft Exchange 2000 Post Authorization License Exhaustion Denial Of Service Vulnerability
15572| [5412] Microsoft Exchange 2000 Multiple MSRPC Denial Of Service Vulnerabilities
15573| [5312] Microsoft SQL Server 2000 Resolution Service Denial of Service Vulnerability
15574| [5311] Microsoft SQL Server 2000 Resolution Service Stack Overflow Vulnerability
15575| [5310] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
15576| [5309] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
15577| [5307] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
15578| [5253] Microsoft Windows 2000 Narrator Password Disclosure Vulnerability
15579| [5205] Microsoft SQL Server 2000 Incorrect Registry Key Permissions Vulnerability
15580| [5111] Microsoft Commerce Server 2000 OWC Package Installer Local Command Execution Vulnerability
15581| [5014] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
15582| [4881] Microsoft Exchange 2000 Malformed Mail Attribute DoS Vulnerability
15583| [4853] Microsoft Commerce Server 2000 Profile Service Buffer Overflow Vulnerability
15584| [4852] Microsoft Windows 2000 Remote Access Service Buffer Overflow Vulnerability
15585| [4847] Microsoft SQL Server 2000 Bulk Insert Procedure Buffer Overflow Vulnerability
15586| [4797] Microsoft MSDE/SQL Server 2000 Desktop Engine Default Configuration Vulnerability
15587| [4683] Microsoft Windows 2000 / NT Path Precedence Vulnerability
15588| [4532] Microsoft Windows 2000 Lanman Denial of Service Vulnerability
15589| [4438] Microsoft Windows 2000 Group Policy Evasion Vulnerability
15590| [4426] Microsoft Windows 2000 / NT / XP MUP UNC Request Buffer Overflow Vulnerability
15591| [4287] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
15592| [4256] Microsoft Windows 2000 Password Policy Bypass Vulnerability
15593| [4157] Microsoft Commerce Server 2000 ISAPI Buffer Overflow Vulnerability
15594| [4095] Microsoft Windows 2000 Server Terminal Services Failure To Lock Terminal Vulnerability
15595| [3652] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability
15596| [3481] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
15597| [3479] Microsoft Windows 2000 NTFS With Macintosh Client Directory Permission Vulnerability
15598| [3445] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
15599| [3339] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
15600| [3305] Norton AntiVirus for Microsoft Exchange 2000 Information Disclosure Vulnerability
15601| [3291] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
15602| [3215] Microsoft Windows 2000 IrDA Buffer Overflow Denial of Service Vulnerability
15603| [3185] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
15604| [3184] Microsoft Windows 2000 RunAs User Credentials Exposure Vulnerability
15605| [3146] Microsoft Windows 2000 System File Replacement Vulnerability
15606| [3115] Microsoft Windows NT and 2000 Command Prompt Reboot Vulnerability
15607| [3063] Microsoft Windows 2000 Unauthorized Password Change Vulnerability
15608| [3033] Microsoft Windows 2000 Task Manager Process Termination Vulnerability
15609| [2988] Microsoft Windows 2000 SMTP Improper Authentication Vulnerability
15610| [2929] Microsoft Windows 2000 LDAP SSL Password Modification Vulnerability
15611| [2849] Microsoft Windows 2000 Telnet Privilege Escalation Vulnerability
15612| [2846] Microsoft Windows 2000 Telnet System Call DoS Vulnerability
15613| [2844] Microsoft Windows 2000 Telnet Service DoS Vulnerability
15614| [2843] Microsoft Windows 2000 Telnet Multiple Sessions DoS Vulnerability
15615| [2838] Microsoft Windows 2000 Telnet Username DoS Vulnerability
15616| [2460] Microsoft Windows 2000 Event Viewer Buffer Overflow Vulnerability
15617| [2441] Microsoft Exchange 2000 / IIS 5.0 Multiple Invalid URL Request DoS Vulnerability
15618| [2394] Microsoft Windows 2000 Domain Controller DoS Vulnerability
15619| [2341] Microsoft Windows 2000 Network DDE Escalated Privileges Vulnerability
15620| [2326] Microsoft Windows 2000 RDP DoS Vulnerability
15621| [2133] Microsoft Windows 2000 Directory Services Restore Mode Blank Password Vulnerability
15622| [2066] Microsoft Windows NT 4.0 / 2000 SNMP Registry Key Modification Vulnerability
15623| [2018] Microsoft Windows 2000 Telnet Session Timeout DoS Vulnerability
15624| [2007] Microsoft Windows 2000 DNS Memory Leak Vulnerability
15625| [1973] Microsoft Windows 2000 Domain Account Lockout Bypass Vulnerability
15626| [1958] Microsoft Exchange 2000 Server EUSR_EXSTOREEVENT Account Vulnerability
15627| [1933] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
15628| [1899] Microsoft Windows 2000 ActiveX Control Buffer Overflow Vulnerability
15629| [1811] Microsoft Site Server 2.0 with IIS 4.0 Malicious File Upload Vulnerability
15630| [1758] Microsoft Windows 2000 Unattended Install OEMPreinstall Vulnerability
15631| [1753] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
15632| [1748] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
15633| [1745] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
15634| [1729] Microsoft Windows 2000 Simplified Chinese IME Vulnerability
15635| [1695] Microsoft Proxy 2.0 FTP Permissions Bypass Vulnerability
15636| [1692] Microsoft Proxy 2.0 Internal Network Access Vulnerability
15637| [1683] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
15638| [1673] Microsoft Windows 2000 Malformed RPC Packet DoS Vulnerability
15639| [1651] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
15640| [1632] Microsoft Windows 98 / NT 4.0 / 2000 File Extension Validation Vulnerability
15641| [1620] Microsoft Windows 9x / NT 4.0 / 2000 NetBIOS Cache Corruption Vulnerability
15642| [1613] Microsoft Windows 2000 Local Security Policy Corruption Vulnerability
15643| [1566] Microsoft Word 97 / 2000 Mail Merge Code Execution Vulnerability
15644| [1561] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow Vulnerability
15645| [1535] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
15646| [1507] Microsoft Windows NT 4.0 / 2000 Unspecified Executable Path Vulnerability
15647| [1451] Microsoft Excel 97 / 2000 Register.ID Vulnerability
15648| [1435] Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability
15649| [1415] Microsoft Windows 2000 Remote CPU-overload Vulnerability
15650| [1414] Microsoft Windows 2000 Telnet Server DoS Vulnerability
15651| [1399] Microsoft Internet Explorer 5.01 and Excel/Powerpoint 2000 ActiveX Object Execution Vulnerability
15652| [1398] Microsoft Internet Explorer 5.01 and Access 2000 / 97 VBA Code Execution Vulnerability
15653| [1350] Microsoft Windows 2000 Windows Station Access Vulnerability
15654| [1304] Microsoft Windows NT 4.0 / 2000 SMB Write Request DoS Vulnerability
15655| [1301] Microsoft Windows NT 4.0 / 2000 Ignored SMB Response DoS Vulnerability
15656| [1295] Microsoft Windows 2000 Default 40-bit Encrypted Protected Store Vulnerability
15657| [1198] Microsoft Windows 2000 Default SYSKEY Configuration Vulnerability
15658| [1197] Microsoft Office 2000 UA Control Vulnerability
15659| [990] Microsoft Windows 2000 Install Unprotected ADMIN$ Share Vulnerability
15660| [945] Microsoft SMS 2.0 Default Permissions Vulnerability
15661| [539] Microsoft Windows 2000 EFS Vulnerability
15662| [180] Microsoft Windows April Fools 2001 Vulnerability
15663| [71487] Microsoft December 2014 Advance Notification Multiple Vulnerabilities
15664| [70966] RETIRED: Microsoft November 2014 Advance Notification Multiple Vulnerabilities
15665| [70367] RETIRED: Microsoft October 2014 Advance Notification Multiple Vulnerabilities
15666| [69636] RETIRED: Microsoft September 2014 Advance Notification Multiple Vulnerabilities
15667| [69108] Microsoft August 2014 Advance Notification Multiple Vulnerabilities
15668| [68367] Microsoft July 2014 Advance Notification Multiple Vulnerabilities
15669| [67905] Microsoft June 2014 Advance Notification Multiple Vulnerabilities
15670| [67298] Microsoft May 2014 Advance Notification Multiple Vulnerabilities
15671| [66639] RETIRED: Microsoft April 2014 Advance Notification Multiple Vulnerabilities
15672| [66016] Microsoft March 2014 Notification Multiple Vulnerabilities
15673| [65426] Microsoft February 2014 Notification Multiple Vulnerabilities
15674| [64757] RETIRED: Microsoft January 2014 Advance Notification Multiple Vulnerabilities
15675| [64083] RETIRED: Microsoft December 2013 Advance Notification Multiple Vulnerabilities
15676| [63604] RETIRED: Microsoft November 2013 Advance Notification Multiple Vulnerabilities
15677| [62797] RETIRED: Microsoft October 2013 Advance Notification Multiple Vulnerabilities
15678| [62228] RETIRED: Microsoft September 2013 Advance Notification Multiple Vulnerabilities
15679| [62181] Microsoft Office Pinyin IME 2010 CVE-2013-3859 Local Privilege Escalation Vulnerability
15680| [61686] Microsoft August 2013 Advance Notification Multiple Vulnerabilities
15681| [60960] RETIRED: Microsoft July 2013 Advance Notification Multiple Vulnerabilities
15682| [60394] Microsoft June 2013 Advance Notification Multiple Vulnerabilities
15683| [59785] RETIRED: Microsoft May 2013 Advance Notification Multiple Vulnerabilities
15684| [58881] RETIRED: Microsoft April 2013 Advance Notification Multiple Vulnerabilities
15685| [58380] RETIRED: Microsoft March 2013 Advance Notification Multiple Vulnerabilities
15686| [57846] RETIRED: Microsoft February 2013 Advance Notification Multiple Vulnerabilities
15687| [57137] RETIRED: Microsoft January 2013 Advance Notification Multiple Vulnerabilities
15688| [56838] RETIRED: Microsoft December 2012 Advance Notification Multiple Vulnerabilities
15689| [56450] RETIRED: Microsoft November 2012 Advance Notification Multiple Vulnerabilities
15690| [56304] Microsoft Office Excel 2010 Memory Corruption Denial of Service Vulnerability
15691| [55794] RETIRED: Microsoft October 2012 Advance Notification Multiple Vulnerabilities
15692| [55472] RETIRED: Microsoft September 2012 Advance Notification Multiple Vulnerabilities
15693| [54944] RETIRED: Microsoft August 2012 Advance Notification Multiple Vulnerabilities
15694| [54318] RETIRED: Microsoft July 2012 Advance Notification Multiple Vulnerabilities
15695| [53862] RETIRED: Microsoft June 2012 Advance Notification Multiple Vulnerabilities
15696| [53372] RETIRED: Microsoft May 2012 Advance Notification Multiple Vulnerabilities
15697| [52910] RETIRED: Microsoft April 2012 Advance Notification Multiple Vulnerabilities
15698| [52366] RETIRED: Microsoft March 2012 Advance Notification Multiple Vulnerabilities
15699| [51944] RETIRED: Microsoft February 2012 Advance Notification Multiple Vulnerabilities
15700| [51289] RETIRED: Microsoft January 2012 Advance Notification Multiple Vulnerabilities
15701| [50980] RETIRED: Microsoft December 2011 Advance Notification Multiple Vulnerabilities
15702| [50513] RETIRED: Microsoft November 2011 Advance Notification Multiple Vulnerabilities
15703| [49994] RETIRED: Microsoft October 2011 Advance Notification Multiple Vulnerabilities
15704| [49515] RETIRED: Microsoft September 2011 Advance Notification Multiple Vulnerabilities
15705| [49017] RETIRED: Microsoft August 2011 Advance Notification Multiple Vulnerabilities
15706| [48616] RETIRED: Microsoft July 2011 Advance Notification Multiple Vulnerabilities
15707| [48235] Microsoft Lync Server 2010 'ReachJoin.aspx' Remote Command Injection Vulnerability
15708| [48193] RETIRED: Microsoft June 2011 Advance Notification Multiple Vulnerabilities
15709| [47725] RETIRED: Microsoft May 2011 Advance Notification Multiple Vulnerabilities
15710| [47255] RETIRED: Microsoft April 2011 Advance Notification Multiple Vulnerabilities
15711| [46675] RETIRED: Microsoft March 2011 Advance Notification Multiple Vulnerabilities
15712| [46132] RETIRED: Microsoft February 2011 Advance Notification Multiple Vulnerabilities
15713| [45696] RETIRED: Microsoft January 2011 Advance Notification Multiple Vulnerabilities
15714| [45307] RETIRED: Microsoft December 2010 Advance Notification Multiple Vulnerabilities
15715| [44649] RETIRED: Microsoft November 2010 Advance Notification Multiple Vulnerabilities
15716| [43831] RETIRED: Microsoft October 2010 Advance Notification Multiple Vulnerabilities
15717| [43115] RETIRED: Microsoft September 2010 Advance Notification Multiple Vulnerabilities
15718| [42234] RETIRED: Microsoft August 2010 Advance Notification Multiple Vulnerabilities
15719| [41474] RETIRED: Microsoft July 2010 Advance Notification Multiple Vulnerabilities
15720| [40548] RETIRED: Microsoft June 2010 Advance Notification Multiple Vulnerabilities
15721| [39961] RETIRED: Microsoft May 2010 Advance Notification Multiple Vulnerabilities
15722| [39313] RETIRED: Microsoft April 2010 Advance Notification Multiple Vulnerabilities
15723| [38540] RETIRED: Microsoft March 2010 Advance Notification Multiple Vulnerabilities
15724| [38096] RETIRED: Microsoft February 2010 Advance Notification Multiple Vulnerabilities
15725| [37887] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
15726| [37664] RETIRED: Microsoft January 2010 Advance Notification Multiple Vulnerabilities
15727| [32642] Microsoft Word RTF Malformed Control Word Variant 2 Remote Code Execution Vulnerability
15728|
15729| IBM X-Force - https://exchange.xforce.ibmcloud.com:
15730| [82417] Microsoft Windows Knowledge Base Article 2801261 update is not installed
15731| [82415] Microsoft Windows Knowledge Base Article 2807986 update is not installed
15732| [82410] Microsoft Windows Knowledge Base Article 2809289 update is not installed
15733| [81859] Microsoft Windows Knowledge Base Article 2802968 update is not installed
15734| [81857] Microsoft Windows Knowledge Base Article 2809279 update is not installed
15735| [81668] Microsoft Windows Knowledge Base Article 2800277 update is not installed
15736| [77323] Microsoft Windows Knowledge Base Article 2706045 update is not installed
15737| [75949] Microsoft Windows Knowledge Base Article 2707960 update is not installed
15738| [75942] Microsoft Windows Knowledge Base Article 2706726 update is not installed
15739| [75934] Microsoft Windows Knowledge Base Article 2709162 update is not installed
15740| [75926] Microsoft Windows Knowledge Base Article 2709100 update is not installed
15741| [75905] Microsoft Windows Knowledge Base Article 2707956 update is not installed
15742| [71991] Microsoft Windows Knowledge Base Article 2607664 update is not installed
15743| [71542] Microsoft Windows Knowledge Base Article 2607702 update is not installed
15744| [70945] Microsoft Windows Knowledge Base Article 2603381 update is not installed
15745| [70150] Microsoft Windows Knowledge Base Article 2607670 update is not installed
15746| [67755] Microsoft Windows Knowledge Base Article 2503665 update is not installed
15747| [67749] Microsoft Windows Knowledge Base Article 2507938 update is not installed
15748| [66845] Microsoft Windows Knowledge Base Article 2506014 update is not installed
15749| [66844] Microsoft Windows Knowledge Base Article 2501584 update is not installed
15750| [66448] Microsoft Windows Knowledge Base Article 2508272 update is not installed
15751| [66442] Microsoft Windows Knowledge Base Article 2509553 update is not installed
15752| [66440] Microsoft Windows Knowledge Base Article 2508429 update is not installed
15753| [66438] Microsoft Windows Knowledge Base Article 2507618 update is not installed
15754| [66430] Microsoft Windows Knowledge Base Article 2503658 update is not installed
15755| [66425] Microsoft Windows Knowledge Base Article 2506223 update is not installed
15756| [65570] Microsoft Windows Knowledge Base Article 2500212 update is not installed
15757| [65568] Microsoft Windows Knowledge Base Article 2508062 update is not installed
15758| [63840] Microsoft Visual C++ 2008 Redistributable Package dynamic-linked library (DLL) code execution
15759| [63780] Microsoft PowerPoint 2007 dynamic-linked library (rpawinet.dll) code execution
15760| [63775] Microsoft Visio 2003 dynamic-linked library (mfc71enu.dll) code execution
15761| [63586] Microsoft Windows Knowledge Base Article 2207559 update is not installed
15762| [63573] Microsoft Windows Knowledge Base Article 2407132 update is not installed
15763| [62797] Microsoft Windows Knowledge Base Article 2305420 update is not installed
15764| [62149] Microsoft Windows Knowledge Base Article 2207566 update is not installed
15765| [62133] Microsoft Windows Knowledge Base Article 2405882 update is not installed
15766| [53980] Microsoft Windows 2000 License Logging Server buffer overflow
15767| [53601] Microsoft Office 2008 for Mac user ID 502 security bypass
15768| [50973] Microsoft Windows Server 2003 and Vista win32k.sys denial of service
15769| [50759] Microsoft Windows 2000 Active Directory LDAP code execution
15770| [48595] Microsoft Word 2007 Email as PDF information disclosure
15771| [46102] Microsoft Windows 2003 SP2 is not installed on the system
15772| [46101] Microsoft Windows 2003 SP1 is not installed on the system
15773| [45186] Microsoft SQL Server 2000 SQLVDIRLib.SQLVDirControl ActiveX control buffer overflow
15774| [37200] Microsoft SQL Server 2000 Service Pack 1 update is not installed
15775| [37198] Microsoft SQL Server 2000 Service Pack 3 update is not installed
15776| [34634] Microsoft Windows Server 2003 Active Directory information disclosure
15777| [34599] Microsoft Windows Server 2003 terminal server security bypass
15778| [34473] Microsoft Office 2000 ActiveX control buffer overflow
15779| [33713] Microsoft Word 2007 multiple unspecified denial of service
15780| [33712] Microsoft Word 2007 wwlib.dll buffer overflow
15781| [32631] Microsoft SQL Server 2000 Service Pack 2 update is not installed
15782| [31821] Microsoft Windows time zone update for year 2007
15783| [31196] Microsoft Office 2003 Brazilian Grammar Checker buffer overflow
15784| [30905] Microsoft Project Server 2003 pdsrequest.asp information disclosure
15785| [29546] Microsoft Windows 2000/2003 user logoff initiated
15786| [29545] Microsoft Windows 2000/2003 system time changed
15787| [29544] Microsoft Windows 2000/2003 system security access removed
15788| [29543] Microsoft Windows 2000/2003 security access granted
15789| [29542] Microsoft Windows 2000/2003 SAM notification package loaded
15790| [29541] Microsoft Windows 2000/2003 primary security token issued
15791| [29540] Microsoft Windows 2000/2003 user password reset successful
15792| [29539] Microsoft Windows 2000/2003 object indirectly accessed
15793| [29538] Microsoft Windows 2000/2003 object handle duplicated
15794| [29537] Microsoft Windows 2000/2003 logon with explicit credentials success
15795| [29536] Microsoft Windows 2000/2003 logon attempt using explicit credentials unsuccessful
15796| [29535] Microsoft Windows 2000/2003 IPSEC policy agent failed
15797| [29534] Microsoft Windows 2000/2003 IPSEC policy agent disabled
15798| [29533] Microsoft Windows 2000/2003 IPSEC policy agent changed
15799| [29532] Microsoft Windows 2000/2003 IKE security association established
15800| [29531] Microsoft Windows 2000/2003 IKE quick mode association ended
15801| [29530] Microsoft Windows 2000/2003 IKE main mode association ended
15802| [29529] Microsoft Windows 2000/2003 IKE association negotiation failed
15803| [29528] Microsoft Windows 2000/2003 IKE association peer authentication failed
15804| [29527] Microsoft Windows 2000/2003 IKE association failed invalid proposal
15805| [29526] Microsoft Windows 2000/2003 IKE association failed authentication parameters
15806| [29525] Microsoft Windows 2000/2003 DPAPI master key backup attempted
15807| [29524] Microsoft Windows 2000/2003 DPAPI key recovery attempted
15808| [29523] Microsoft Windows 2000/2003 DPAPI auditable data unprotected
15809| [29522] Microsoft Windows 2000/2003 administrative group security descriptor set
15810| [29521] Microsoft Windows 2000/2003 account name changed
15811| [29507] Microsoft Office 2003 unspecified PowerPoint NULL pointer dereference denial of service
15812| [28512] Microsoft Internet Explorer multiple Windows 2000 COM object denial of service
15813| [28005] Microsoft Windows 2000 Management Console (MMC) resource file cross-site scripting
15814| [26118] Microsoft Office 2003 mailto: information disclosure
15815| [25330] Microsoft Commerce Server 2002 authfiles/login.asp authentication bypass
15816| [24474] Microsoft Windows 2000 LDAP client accepts untrusted CA
15817| [24473] Microsoft Windows 2000 event ID 565 not logged
15818| [24472] Microsoft Windows 2000 Event ID 1704 records incorrect group policy settings
15819| [24407] Microsoft Windows 2000 SECEDIT command fails to set ACLs correctly
15820| [24405] Microsoft Windows 2000 UPN credentials with trailing dot group policy bypass
15821| [24403] Microsoft Windows 2000 WideCharToMultiByte() incorrect Japanese character conversion
15822| [24402] Microsoft Windows 2000 Terminal Service client IP not logged
15823| [24400] Microsoft Windows 2000 domain authentication can be bypassed by a local administrator
15824| [23066] Microsoft Windows XP and 2000 Server MSRPC memory allocation denial of service
15825| [22318] Microsoft SQL Server 2000 Service Pack 4 update is not installed
15826| [22183] Microsoft Exchange Server 2003 public folder denial of service
15827| [21345] Microsoft Windows 2000 Update Rollup 1 for Service Pack 4 has not been installed
15828| [21315] Microsoft Outlook 2002 connector for Domino bypass restrictions
15829| [19969] Multiple Microsoft Windows Server 2003 Edition printer driver denial of service
15830| [19965] Multiple Microsoft Windows Server 2003 Editions SMB redirector denial of service
15831| [19727] Microsoft Windows 2000 GDI32.DLL denial of service
15832| [19629] Microsoft Exchange Server 2003 folder denial of service
15833| [17826] Microsoft Outlook 2003 CID security bypass
15834| [17624] Microsoft Windows XP and Windows Server 2003 Compressed Folders buffer overflow
15835| [17621] Microsoft Windows 2003 SMTP service code execution
15836| [17560] Microsoft Windows 2000 and XP GDI library denial of service
15837| [17521] Microsoft Windows 2000 Service Pack 4 is not installed
15838| [16913] Microsoft Windows 2003 users with Synchronize directory service data privilege
15839| [16912] Microsoft Windows 2003 groups with Synchronize directory service data privilege
15840| [16909] Microsoft Windows 2003 groups with Remove computer from docking station privilege
15841| [16907] Microsoft Windows 2003 users with Create global objects privilege
15842| [16905] Microsoft Windows 2003 users or groups with Create global objects privilege
15843| [16851] Microsoft Windows 2003 and XP WinKey and U key denial of service
15844| [16704] Microsoft Windows 2000 Media Player control code execution
15845| [16582] Microsoft Windows Server 2003 kernel CPU denial of service
15846| [16572] Microsoft Windows 2003 Users with Impersonate a client after authentication privilege
15847| [16570] Microsoft Windows 2003 Users with Create global objects privilege
15848| [16564] Microsoft Windows 2003 Groups with Create global objects privilege
15849| [16562] Microsoft Windows 2003 Groups with "
15850| [16522] Microsoft Windows 2003 Impersonate a client after authentication privilege
15851| [16521] Microsoft Windows 2003 Deny Logon Through Terminal Services privilege
15852| [16520] Microsoft Windows 2003 Create global objects privilege
15853| [16276] Microsoft Windows 2000 Advanced Server fully qualified domain name security bypass
15854| [16173] Microsoft Outlook 2003 OLE object bypass restricted security zone
15855| [16119] Microsoft Outlook 2000 URL spoofing
15856| [16104] Microsoft Outlook 2003 predictable file location could allow code execution
15857| [16095] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
15858| [15704] Microsoft Windows XP and Windows Server 2003 HCP URL code execution
15859| [15700] Microsoft Windows 2000 Domain Controller LSASS LDAP message denial of service
15860| [15632] Microsoft Windows 2000 Utility Manger allows privilege escalation
15861| [15414] Microsoft Outlook 2002 mailto URL allows execution of code
15862| [15263] Microsoft Windows XP and 2000 Server kernel allows elevated privileges
15863| [15057] Microsoft Windows XP and Windows Server 2003 smbmount Linux client denial of service
15864| [15038] Microsoft Windows 2000 Server Windows Media Services denial of service
15865| [15037] Microsoft Windows Server 2003 WINS /GS flag denial of service
15866| [14178] Microsoft ISA Exchange Server 2003 MS04-002 patch is not installed
15867| [14167] Microsoft ISA Server 2000 H.323 filter buffer overflow
15868| [13426] Microsoft Windows 2000 and XP RPC race condition
15869| [13423] Microsoft Windows 2000 Local Troubleshooter ActiveX control buffer overflow
15870| [13407] Microsoft Windows 2000 Server mqsvc.exe MQLocateBegin packet buffer overflow
15871| [13385] Microsoft Windows Server 2003 "
15872| [13211] Microsoft Windows 2000 and XP URG memory leak
15873| [13171] Microsoft Windows Server 2003 can allow attacker to bypass mechanism used to detect buffer overflows
15874| [13131] Microsoft Windows 2000 Message Queue Manager buffer overflow
15875| [12684] Microsoft Exchange Server OWA Outlook 2003 denial of service
15876| [12652] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension POST request buffer overflow
15877| [12620] Microsoft Windows 2000 Server SMTP FILETIME denial of service
15878| [12543] Microsoft Windows 2000 Accessibility Utility Manager could allow an attacker to gain privileges
15879| [12493] Microsoft Windows Shell32.dll 2000 ShellExecute function buffer overflow
15880| [12489] Microsoft Windows 2000 Server Active Directory buffer overflow
15881| [12128] Microsoft Windows 2000 and Windows NT MS03-019 patch is not installed
15882| [12092] Microsoft Windows 2000 and NT 4.0 Server IIS ISAPI nsiislog.dll extension buffer overflow
15883| [12048] Microsoft Windows 2000 and Windows Server 2003 LAN Manager hash creation enabled
15884| [11901] Microsoft BizTalk Server 2002 SQL injection
15885| [11900] Microsoft BizTalk Server 2002 HTTP Receiver function buffer overflow
15886| [11816] Microsoft Windows 2000 Terminal Services MSGINA.DLL insecure access permissions
15887| [11696] Microsoft Windows 2000 Terminal Services man-in-the-middle attack
15888| [11617] Microsoft Windows 2000 MS03-007 patch is not installed on the system
15889| [11546] Microsoft Windows 2000 Windows Help Facility .cnt file buffer overflow
15890| [11329] Microsoft Windows NT and 2000 cmd.exe CD path name buffer overflow
15891| [11274] Microsoft Windows 2000 NetBIOS continuation packets denial of service
15892| [11273] Microsoft Windows 2000 RPC service could allow an attacker to gain elevated privileges
15893| [11216] Microsoft Windows NT and 2000 command prompt denial of service
15894| [11141] Microsoft Windows 2000 Terminal Services MSGINA.DLL denial of service
15895| [11133] Microsoft Outlook 2002 using V1 Exchange Server Security certificates transmits plaintext emails
15896| [10843] Microsoft Windows 2000 and XP SMB signing group policy modification
15897| [10431] Microsoft Windows 2000 SNMP LANMAN Extension memory leak denial of service
15898| [10400] Microsoft Windows 2000 RPC TCP port 135 denial of service
15899| [10377] Microsoft Windows XP and 2000 administrative alerts fail when security event log is full
15900| [10199] Microsoft Windows 2000/XP PPTP packet buffer overflow
15901| [10195] Microsoft FrontPage Server Extensions (FPSE) 2002 SmartHTML Interpreter buffer overflow
15902| [10194] Microsoft FrontPage Server Extensions (FPSE) 2000 SmartHTML Interpreter denial of service
15903| [9946] Microsoft Windows 2000 Terminal Services session screensaver fails to lock the console
15904| [9856] Microsoft Windows 2000 NCM handler routine could allow elevated privileges
15905| [9779] Microsoft Windows 2000 weak system partition permissions
15906| [9752] Microsoft Windows 2000 Service Pack 3 is not installed
15907| [9746] Microsoft Windows 2000 HTML Help item parameter buffer overflow
15908| [9625] Microsoft Windows 2000 Narrator allows login information to be audible
15909| [9154] Microsoft Data Engine (MSDE) and Microsoft SQL Server 2000 Desktop Engine have a default blank "
15910| [8867] Microsoft Windows 2000 LanMan denial of service
15911| [8813] Microsoft Windows 2000 Terminal Services allows attacker to bypass group policy settings
15912| [8759] Microsoft Windows 2000 could allow an attacker to block the application of Group Policy settings
15913| [8752] Microsoft Windows NT, 2000, and XP MUP buffer overflow
15914| [8739] Microsoft Windows 2000 DCOM memory leak
15915| [8708] Microsoft Outlook 2000 and 2002 executes embedded script in object tag when replying or forwarding HTML mail
15916| [8402] Microsoft Windows 2000 allows an attacker to bypass password policy
15917| [8307] Microsoft Windows 2000, Windows XP, and Exchange 2000 SMTP data transfer command denial of service
15918| [8304] Microsoft Windows 2000 and Exchange 5.5 SMTP service unauthorized mail privileges
15919| [8254] Microsoft Commerce Server 2000 AuthFilter ISAPI filter buffer overflow
15920| [8199] Microsoft Windows 2000 Terminal Services unlocked client
15921| [8094] Microsoft Windows 2000 and Interix 2.2 Telnet protocol option buffer overflow
15922| [8092] Microsoft Exchange 2000 System Attendant sets incorrect registry permissions
15923| [8043] Microsoft Windows NT, 2000, and XP using NTFS could allow files to be hidden
15924| [8037] Microsoft Windows 2000 empty TCP packet denial of service
15925| [8023] Microsoft Windows NT and Windows 2000 SIDs could allow an attacker to gain elevated privileges in another domain
15926| [7919] Microsoft IIS 4.0 and Norton Internet Security 2001 default permissions could allow an attacker to modify log files
15927| [7667] Microsoft Windows 2000 IKE UDP packet flood denial of service
15928| [7566] Microsoft IIS 2.0 and 3.0 upgraded to Microsoft IIS 4.0 fails to remove the ism.dll file
15929| [7538] Microsoft Windows 2000 and XP Terminal services allow an attacker to spoof IP addresses
15930| [7533] Microsoft Windows 2000 RunAs service denial of service
15931| [7532] Microsoft Windows 2000 RunAs service allows local attacker to bypass pipe authentication
15932| [7531] Microsoft Windows 2000 RunAs service reveals sensitive information
15933| [7528] Microsoft Windows NT and Windows 2000 malformed RPC request denial of service
15934| [7409] Microsoft Windows 2000 and Windows XP GDI denial of service
15935| [7302] Microsoft Windows NT and 2000 Terminal Server malformed RDP packet series denial of service
15936| [7008] Microsoft Windows 2000 IrDA device denial of service
15937| [6977] Microsoft Windows NT and 2000 NNTP memory leak denial of service
15938| [6931] Microsoft Windows 2000 without Service Pack 2
15939| [6919] Microsoft Windows 2000 Task Manager does not terminate malicious files with the same name as a system process
15940| [6912] Microsoft Windows NT and 2000 Terminal Server RDP memory leak denial of service
15941| [6876] Microsoft Windows 2000 could allow an attacker to change network passwords
15942| [6803] Microsoft Windows 2000 SMTP service allows mail relaying
15943| [6745] Microsoft Windows 2000 LDAP function could allow domain user password change
15944| [6669] Microsoft Windows 2000 Telnet system call denial of service
15945| [6668] Microsoft Windows 2000 Telnet handle leak denial of service
15946| [6667] Microsoft Windows 2000 Telnet multiple idle sessions denial of service
15947| [6666] Microsoft Windows 2000 Telnet username denial of service
15948| [6665] Microsoft Windows 2000 Telnet service weak domain authentication
15949| [6664] Microsoft Windows 2000 Telnet service predictable pipe names could allow elevation of privileges
15950| [6652] Microsoft Exchange 2000 OWA script execution
15951| [6590] Microsoft Windows 2000 debug registers allow attacker to gain elevated privileges
15952| [6506] Microsoft Windows 2000 Server Kerberos denial of service
15953| [6443] Microsoft Windows 2000 catalog file could remove installed hotfixes
15954| [6160] Microsoft Windows 2000 event viewer buffer overflow
15955| [6136] Microsoft Windows 2000 domain controller denial of service
15956| [6035] Microsoft Windows 2000 Server RDP denial of service
15957| [5973] Microsoft Windows 2000 EFS allows local user to recover sensitive data
15958| [5936] Microsoft Windows 2000 Server Directory Service Restore Mode allows user to login with blank password
15959| [5800] Microsoft Windows 2000 Index Service ActiveX controls allow unauthorized access to file information
15960| [5623] Microsoft Windows NT and 2000 Phone Book service buffer overflow
15961| [5598] Microsoft Windows 2000 Telnet daemon could allow a denial of service
15962| [5585] Microsoft Windows 2000 brute force attack
15963| [5502] Microsoft Windows 2000 Indexing Services ixsso.query
15964| [5467] Microsoft Windows 2000 System Monitor ActiveX control buffer overflow
15965| [5399] Microsoft Windows NT and 2000 Network Monitor buffer overflow
15966| [5301] Microsoft Windows 2000 Simplified Chinese IME State Recognition
15967| [5263] Microsoft Office 2000 executes .dll without users knowledge
15968| [5242] Microsoft Windows 2000 Telnet client NTLM authentication weakness
15969| [5222] Microsoft Windows 2000 malformed RPC packet denial of service
15970| [5203] Microsoft Windows 2000 still image service
15971| [5171] Microsoft Windows 2000 Local Security Policy corruption
15972| [5080] Microsoft Office 2000 HTML object tag buffer overflow
15973| [5033] Microsoft Windows 2000 without Service Pack 1
15974| [5031] Microsoft Windows 2000 Service Control Manager named pipe could allow a unauthorized user to gain privileges
15975| [5015] Microsoft Windows NT and 2000 executable path
15976| [4887] Microsoft Windows 2000 Kerberos ticket renewed
15977| [4886] Microsoft Windows 2000 logon session reconnected
15978| [4885] Microsoft Windows 2000 logon session disconnected
15979| [4882] Microsoft Windows 2000 Kerberos pre-authentication failed
15980| [4873] Microsoft Windows 2000 user account mapped for logon
15981| [4872] Microsoft Windows 2000 account logon failed
15982| [4871] Microsoft Windows 2000 account used for logon
15983| [4855] Microsoft Windows 2000 group type change
15984| [4842] Microsoft Internet Explorer and Microsoft Powerpoint 2000 ActiveX object execution
15985| [4841] Microsoft Internet Explorer and Microsoft Access 2000 VBA code execution
15986| [4823] Microsoft Windows 2000 Telnet server binary stream denial of service
15987| [4819] Microsoft Windows 2000 default SYSKEY configuration
15988| [4787] Microsoft Windows 2000 user account locked out
15989| [4786] Microsoft Windows 2000 computer account created
15990| [4785] Microsoft Windows 2000 computer account changed
15991| [4784] Microsoft Windows 2000 computer account deleted
15992| [4714] Microsoft Windows 2000 "
15993| [4589] Microsoft Windows 2000 protected store can be compromised by brute force attack
15994| [4278] Microsoft Windows 2000 unattended install does not secure All Users profile
15995| [4138] Microsoft Windows 2000 system file integrity feature is disabled
15996| [4086] Microsoft Windows 2000 may not start Jaz drives correctly
15997| [4085] Microsoft Windows 2000 non-Gregorial calendar error
15998| [4084] Microsoft Windows 2000 may prevent Adobe FrameMaker files from being saved in some formats
15999| [4083] Microsoft Windows 2000 Terminal Services may damage Office files saved as HTML
16000| [4082] Microsoft Windows 2000 and Iomega parallel port drives display error
16001| [4080] Microsoft Windows 2000 AOL image support
16002| [4079] Microsoft Windows 2000 High Encryption Pack
16003| [3854] Microsoft Office 2000 security setting
16004| [1376] Microsoft Proxy 2.0 denial of service
16005| [86256] Microsoft Windows Knowledge Base Article 2876063 update is not installed
16006| [86097] Microsoft Windows Knowledge Base Article 2859537 update is not installed
16007| [86091] Microsoft Windows Knowledge Base Article 2868623 update is not installed
16008| [86089] Microsoft Windows Knowledge Base Article 2862772 update is not installed
16009| [86075] Microsoft Windows Knowledge Base Article 2850869 update is not installed
16010| [86073] Microsoft Windows Knowledge Base Article 2873872 update is not installed
16011| [86070] Microsoft Windows Knowledge Base Article 2849568 update is not installed
16012| [85245] Microsoft Windows Knowledge Base Article 2848295 update is not installed
16013| [85244] Microsoft Windows Knowledge Base Article 2847927 update is not installed
16014| [85243] Microsoft Windows Knowledge Base Article 2861561 update is not installed
16015| [85236] Microsoft Windows Knowledge Base Article 2850851 update is not installed
16016| [85227] Microsoft Windows Knowledge Base Article 2847883 update is not installed
16017| [85223] Microsoft Windows Knowledge Base Article 2846071 update is not installed
16018| [85205] Microsoft Windows Knowledge Base Article 2845187 update is not installed
16019| [84621] Microsoft Windows Knowledge Base Article 2845690 update is not installed
16020| [84619] Microsoft Windows Knowledge Base Article 2839894 update is not installed
16021| [84617] Microsoft Windows Knowledge Base Article 2839571 update is not installed
16022| [84615] Microsoft Windows Knowledge Base Article 2839229 update is not installed
16023| [84613] Microsoft Windows Knowledge Base Article 2838727 update is not installed
16024| [84156] Microsoft Windows Knowledge Base Article 2847204 update is not installed
16025| [83912] Microsoft Windows Knowledge Base Article 2829254 update is not installed
16026| [83910] Microsoft Windows Knowledge Base Article 2829530 update is not installed
16027| [83898] Microsoft Windows Knowledge Base Article 2830397 update is not installed
16028| [83886] Microsoft Windows Knowledge Base Article 2830399 update is not installed
16029| [83884] Microsoft Windows Knowledge Base Article 2834692 update is not installed
16030| [83882] Microsoft Windows Knowledge Base Article 2834695 update is not installed
16031| [83880] Microsoft Windows Knowledge Base Article 2836440 update is not installed
16032| [83876] Microsoft Windows Knowledge Base Article 2840221 update is not installed
16033| [83192] Microsoft Windows Knowledge Base Article 2817183 update is not installed
16034| [83100] Microsoft Windows Knowledge Base Article 2830914 update is not installed
16035| [83098] Microsoft Windows Knowledge Base Article 2829996 update is not installed
16036| [83093] Microsoft Windows Knowledge Base Article 2828223 update is not installed
16037| [83091] Microsoft Windows Knowledge Base Article 2813170 update is not installed
16038| [83088] Microsoft Windows Knowledge Base Article 2827663 update is not installed
16039| [83086] Microsoft Windows Knowledge Base Article 2823482 update is not installed
16040| [83084] Microsoft Windows Knowledge Base Article 2821818 update is not installed
16041| [83082] Microsoft Windows Knowledge Base Article 2820917 update is not installed
16042| [82600] Microsoft Windows Knowledge Base Article 2813707 update is not installed
16043| [82424] Microsoft Windows Knowledge Base Article 2814124 update is not installed
16044| [82422] Microsoft Windows Knowledge Base Article 2780176 update is not installed
16045| [82401] Microsoft Windows Knowledge Base Article 2813682 update is not installed
16046| [82399] Microsoft Windows Knowledge Base Article 2816264 update is not installed
16047| [81683] Microsoft Windows Knowledge Base Article 2780091 update is not installed
16048| [81681] Microsoft Windows Knowledge Base Article 2784242 update is not installed
16049| [81680] Microsoft Windows Knowledge Base Article 2790113 update is not installed
16050| [81678] Microsoft Windows Knowledge Base Article 2790655 update is not installed
16051| [81676] Microsoft Windows Knowledge Base Article 2790978 update is not installed
16052| [81674] Microsoft Windows Knowledge Base Article 2797052 update is not installed
16053| [81672] Microsoft Windows Knowledge Base Article 2799494 update is not installed
16054| [81666] Microsoft Windows Knowledge Base Article 2778344 update is not installed
16055| [81634] Microsoft Windows Knowledge Base Article 2792100 update is not installed
16056| [81339] Microsoft Windows Knowledge Base Article 2799329 update is not installed
16057| [80875] Microsoft Windows Knowledge Base Article 2756145 update is not installed
16058| [80872] Microsoft Windows Knowledge Base Article 2769324 update is not installed
16059| [80867] Microsoft Windows Knowledge Base Article 2769327 update is not installed
16060| [80865] Microsoft Windows Knowledge Base Article 2769369 update is not installed
16061| [80863] Microsoft Windows Knowledge Base Article 2778930 update is not installed
16062| [80861] Microsoft Windows Knowledge Base Article 2785220 update is not installed
16063| [80365] Microsoft Windows Knowledge Base Article 2761465 update is not installed
16064| [80360] Microsoft Windows Knowledge Base Article 2765809 update is not installed
16065| [80358] Microsoft Windows Knowledge Base Article 2770660 update is not installed
16066| [80356] Microsoft Windows Knowledge Base Article 2780642 update is not installed
16067| [80352] Microsoft Windows Knowledge Base Article 2783534 update is not installed
16068| [80349] Microsoft Windows Knowledge Base Article 2784126 update is not installed
16069| [79693] Microsoft Windows Knowledge Base Article 2745030 update is not installed
16070| [79687] Microsoft Windows Knowledge Base Article 2761451 update is not installed
16071| [79683] Microsoft Windows Knowledge Base Article 2761226 update is not installed
16072| [79679] Microsoft Windows Knowledge Base Article 2758857 update is not installed
16073| [79677] Microsoft Windows Knowledge Base Article 2727528 update is not installed
16074| [78864] Microsoft Windows Knowledge Base Article 2754670 update is not installed
16075| [78862] Microsoft Windows Knowledge Base Article 2743555 update is not installed
16076| [78858] Microsoft Windows Knowledge Base Article 2754849 update is not installed
16077| [78856] Microsoft Windows Knowledge Base Article 2724197 update is not installed
16078| [78853] Microsoft Windows Knowledge Base Article 2741517 update is not installed
16079| [78851] Microsoft Windows Knowledge Base Article 2742319 update is not installed
16080| [78848] Microsoft Windows Knowledge Base Article 2742321 update is not installed
16081| [78760] Microsoft Windows Knowledge Base Article 2744842 update is not installed
16082| [78077] Microsoft Windows Knowledge Base Article 2741528 update is not installed
16083| [78075] Microsoft Windows Knowledge Base Article 2720184 update is not installed
16084| [78071] Microsoft Windows Knowledge Base Article 2748552 update is not installed
16085| [77512] Microsoft Windows Knowledge Base Article 2740358 update is not installed
16086| [77362] Microsoft Windows Knowledge Base Article 2733918 update is not installed
16087| [77360] Microsoft Windows Knowledge Base Article 2733829 update is not installed
16088| [77357] Microsoft Windows Knowledge Base Article 2733594 update is not installed
16089| [77352] Microsoft Windows Knowledge Base Article 2731879 update is not installed
16090| [77350] Microsoft Windows Knowledge Base Article 2731847 update is not installed
| [77348] Microsoft Windows Knowledge Base Article 2723135 update is not installed
| [77346] Microsoft Windows Knowledge Base Article 2722913 update is not installed
| [77342] Microsoft Windows Knowledge Base Article 2720573 update is not installed
| [77325] Microsoft Windows Knowledge Base Article 2719584 update is not installed
| [76808] Microsoft Windows Knowledge Base Article 2721015 update is not installed
| [76725] Microsoft Windows Knowledge Base Article 2722479 update is not installed
| [76724] Microsoft Windows Knowledge Base Article 2719177 update is not installed
| [76721] Microsoft Windows Knowledge Base Article 2718523 update is not installed
| [76718] Microsoft Windows Knowledge Base Article 2698365 update is not installed
| [76711] Microsoft Windows Knowledge Base Article 2695502 update is not installed
| [76704] Microsoft Windows Knowledge Base Article 2691442 update is not installed
| [76702] Microsoft Windows Knowledge Base Article 2655992 update is not installed
| [75963] Microsoft Windows Knowledge Base Article 2699988 update is not installed
| [75939] Microsoft Windows Knowledge Base Article 2685939 update is not installed
| [75928] Microsoft Windows Knowledge Base Article 2711167 update is not installed
| [75136] Microsoft Windows Knowledge Base Article 2693777 update is not installed
| [75132] Microsoft Windows Knowledge Base Article 2690533 update is not installed
| [75130] Microsoft Windows Knowledge Base Article 2688338 update is not installed
| [75127] Microsoft Windows Knowledge Base Article 2681578 update is not installed
| [75123] Microsoft Windows Knowledge Base Article 2680352 update is not installed
| [75116] Microsoft Windows Knowledge Base Article 2597981 update is not installed
| [74556] Microsoft Windows Knowledge Base Article 2639185 update is not installed
| [74384] Microsoft Windows Knowledge Base Article 2675157 update is not installed
| [74378] Microsoft Windows Knowledge Base Article 2671605 update is not installed
| [74373] Microsoft Windows Knowledge Base Article 2664258 update is not installed
| [74369] Microsoft Windows Knowledge Base Article 2663860 update is not installed
| [73543] Microsoft Windows Knowledge Base Article 2671387 update is not installed
| [73540] Microsoft Windows Knowledge Base Article 2665364 update is not installed
| [73538] Microsoft Windows Knowledge Base Article 2651019 update is not installed
| [73536] Microsoft Windows Knowledge Base Article 2651018 update is not installed
| [73533] Microsoft Windows Knowledge Base Article 2647170 update is not installed
| [73530] Microsoft Windows Knowledge Base Article 2641653 update is not installed
| [72887] Microsoft Windows Knowledge Base Article 2663841 update is not installed
| [72873] Microsoft Windows Knowledge Base Article 2663830 update is not installed
| [72867] Microsoft Windows Knowledge Base Article 2663510 update is not installed
| [72857] Microsoft Windows Knowledge Base Article 2661637 update is not installed
| [72855] Microsoft Windows Knowledge Base Article 2660465 update is not installed
| [72853] Microsoft Windows Knowledge Base Article 2653956 update is not installed
| [72851] Microsoft Windows Knowledge Base Article 2654428 update is not installed
| [72849] Microsoft Windows Knowledge Base Article 2651026 update is not installed
| [72846] Microsoft Windows Knowledge Base Article 2647516 update is not installed
| [72841] Microsoft Windows Knowledge Base Article 2645640 update is not installed
| [72838] Microsoft Windows Knowledge Base Article 2643719 update is not installed
| [72029] Microsoft Windows Knowledge Base Article 2638420 update is not installed
| [72003] Microsoft Windows Knowledge Base Article 2646524 update is not installed
| [71998] Microsoft Windows Knowledge Base Article 2644615 update is not installed
| [71995] Microsoft Windows Knowledge Base Article 2643584 update is not installed
| [71994] Microsoft Windows Knowledge Base Article 2636391 update is not installed
| [71565] Microsoft Windows Knowledge Base Article 2648048 update is not installed
| [71562] Microsoft Windows Knowledge Base Article 2640241 update is not installed
| [71560] Microsoft Windows Knowledge Base Article 2640045 update is not installed
| [71558] Microsoft Windows Knowledge Base Article 2639417 update is not installed
| [71557] Microsoft Windows Knowledge Base Article 2639142 update is not installed
| [71554] Microsoft Windows Knowledge Base Article 2633171 update is not installed
| [71552] Microsoft Windows Knowledge Base Article 2624667 update is not installed
| [71550] Microsoft Windows Knowledge Base Article 2620712 update is not installed
| [71548] Microsoft Windows Knowledge Base Article 2618451 update is not installed
| [71546] Microsoft Windows Knowledge Base Article 2618444 update is not installed
| [71538] Microsoft Windows Knowledge Base Article 2590602 update is not installed
| [70951] Microsoft Windows Knowledge Base Article 2630837 update is not installed
| [70949] Microsoft Windows Knowledge Base Article 2620704 update is not installed
| [70947] Microsoft Windows Knowledge Base Article 2617657 update is not installed
| [70943] Microsoft Windows Knowledge Base Article 2588516 update is not installed
| [70152] Microsoft Windows Knowledge Base Article 2623699 update is not installed
| [70140] Microsoft Windows Knowledge Base Article 2652016 update is not installed
| [70130] Microsoft Windows Knowledge Base Article 2586448 update is not installed
| [70115] Microsoft Windows Knowledge Base Article 2567053 update is not installed
| [69501] Microsoft Windows Knowledge Base Article 2587634 update is not installed
| [69498] Microsoft Windows Knowledge Base Article 2587505 update is not installed
| [69492] Microsoft Windows Knowledge Base Article 2571621 update is not installed
| [69490] Microsoft Windows Knowledge Base Article 2570947 update is not installed
| [68840] Microsoft Windows Knowledge Base Article 2451858 update is not installed
| [68833] Microsoft Windows Knowledge Base Article 2567943 update is not installed
| [68831] Microsoft Windows Knowledge Base Article 2570222 update is not installed
| [68829] Microsoft Windows Knowledge Base Article 2567951 update is not installed
| [68827] Microsoft Windows Knowledge Base Article 2578230 update is not installed
| [68825] Microsoft Windows Knowledge Base Article 2546250 update is not installed
| [68823] Microsoft Windows Knowledge Base Article 2559049 update is not installed
| [68816] Microsoft Windows Knowledge Base Article 2556532 update is not installed
| [68814] Microsoft Windows Knowledge Base Article 2560656 update is not installed
| [68812] Microsoft Windows Knowledge Base Article 2560978 update is not installed
| [68809] Microsoft Windows Knowledge Base Article 2562485 update is not installed
| [68806] Microsoft Windows Knowledge Base Article 2566454 update is not installed
| [68804] Microsoft Windows Knowledge Base Article 2563894 update is not installed
| [68801] Microsoft Windows Knowledge Base Article 2567680 update is not installed
| [68315] Microsoft Windows Knowledge Base Article 2555917 update is not installed
| [68299] Microsoft Windows Knowledge Base Article 2566220 update is not installed
| [68283] Microsoft Windows Knowledge Base Article 2560847 update is not installed
| [67955] Microsoft Windows Knowledge Base Article 2530548 update is not installed
| [67943] Microsoft Windows Knowledge Base Article 2544521 update is not installed
| [67762] Microsoft Windows Knowledge Base Article 2543893 update is not installed
| [67759] Microsoft Windows Knowledge Base Article 2544893 update is not installed
| [67757] Microsoft Windows Knowledge Base Article 2476490 update is not installed
| [67753] Microsoft Windows Knowledge Base Article 2514842 update is not installed
| [67751] Microsoft Windows Knowledge Base Article 2518295 update is not installed
| [67737] Microsoft Windows Knowledge Base Article 2520426 update is not installed
| [67733] Microsoft Windows Knowledge Base Article 2525694 update is not installed
| [67731] Microsoft Windows Knowledge Base Article 2525835 update is not installed
| [67728] Microsoft Windows Knowledge Base Article 2535512 update is not installed
| [67725] Microsoft Windows Knowledge Base Article 2536275 update is not installed
| [67722] Microsoft Windows Knowledge Base Article 2536276 update is not installed
| [67718] Microsoft Windows Knowledge Base Article 2537146 update is not installed
| [67709] Microsoft Windows Knowledge Base Article 2538814 update is not installed
| [67302] Microsoft Windows Knowledge Base Article 2545814 update is not installed
| [67101] Microsoft Windows Knowledge Base Article 2524426 update is not installed
| [66446] Microsoft Windows Knowledge Base Article 2514666 update is not installed
| [66444] Microsoft Windows Knowledge Base Article 2511455 update is not installed
| [66436] Microsoft Windows Knowledge Base Article 2497640 update is not installed
| [66432] Microsoft Windows Knowledge Base Article 2527308 update is not installed
| [66428] Microsoft Windows Knowledge Base Article 2489979 update is not installed
| [66423] Microsoft Windows kernel-mode driver (win32k.sys) variant 29 privilege escalation
| [66422] Microsoft Windows kernel-mode driver (win32k.sys) variant 28 privilege escalation
| [66421] Microsoft Windows kernel-mode driver (win32k.sys) variant 27 privilege escalation
| [66420] Microsoft Windows kernel-mode driver (win32k.sys) variant 26 privilege escalation
| [66419] Microsoft Windows kernel-mode driver (win32k.sys) variant 25 privilege escalation
| [66418] Microsoft Windows kernel-mode driver (win32k.sys) variant 24 privilege escalation
| [66417] Microsoft Windows kernel-mode driver (win32k.sys) variant 23 privilege escalation
| [66416] Microsoft Windows kernel-mode driver (win32k.sys) variant 22 privilege escalation
| [66415] Microsoft Windows kernel-mode driver (win32k.sys) variant 21 privilege escalation
| [66414] Microsoft Windows kernel-mode driver (win32k.sys) variant 20 privilege escalation
| [66396] Microsoft Windows kernel-mode driver (win32k.sys) variant 2 privilege escalation
| [66394] Microsoft Windows Knowledge Base Article 2485663 update is not installed
| [65588] Microsoft Windows Knowledge Base Article 2489279 update is not installed
| [65581] Microsoft Windows Knowledge Base Article 2510030 update is not installed
| [65580] Microsoft Windows Knowledge Base Article 2489283 update is not installed
| [65575] Microsoft Windows Knowledge Base Article 2489293 update is not installed
| [65573] Microsoft Windows Knowledge Base Article 2494047 update is not installed
| [64973] Microsoft Windows Knowledge Base Article 2478960 update is not installed
| [64971] Microsoft Windows Knowledge Base Article 2479628 update is not installed
| [64927] Microsoft Windows Knowledge Base Article 2393802 update is not installed
| [64925] Microsoft Windows Knowledge Base Article 2451879 update is not installed
| [64920] Microsoft Windows Knowledge Base Article 2475792 update is not installed
| [64918] Microsoft Windows Knowledge Base Article 2476687 update is not installed
| [64916] Microsoft Windows Knowledge Base Article 2478953 update is not installed
| [64914] Microsoft Windows Knowledge Base Article 2482017 update is not installed
| [64910] Microsoft Windows Knowledge Base Article 2483185 update is not installed
| [64909] Microsoft Windows Knowledge Base Article 2484015 update is not installed
| [64907] Microsoft Windows Knowledge Base Article 2485376 update is not installed
| [64905] Microsoft Windows Knowledge Base Article 2489256 update is not installed
| [64902] Microsoft Windows Knowledge Base Article 2496930 update is not installed
| [64342] Microsoft Windows Knowledge Base Article 2451910 update is not installed
| [64339] Microsoft Windows Knowledge Base Article 2478935 update is not installed
| [63584] Microsoft Windows Knowledge Base Article 2424434 update is not installed
| [63582] Microsoft Windows Knowledge Base Article 2423089 update is not installed
| [63580] Microsoft Windows Knowledge Base Article 2436673 update is not installed
| [63571] Microsoft Windows Knowledge Base Article 2440591 update is not installed
| [63569] Microsoft Windows Knowledge Base Article 2385678 update is not installed
| [63566] Microsoft Windows Knowledge Base Article 2442962 update is not installed
| [63564] Microsoft Windows Knowledge Base Article 2345316 update is not installed
| [63562] Microsoft Windows Knowledge Base Article 2296199 update is not installed
| [63558] Microsoft Windows Knowledge Base Article 2416400 update is not installed
| [63550] Microsoft Windows Knowledge Base Article 2447961 update is not installed
| [63548] Microsoft Windows Knowledge Base Article 2443105 update is not installed
| [63546] Microsoft Windows Knowledge Base Article 2455005 update is not installed
| [63544] Microsoft Windows Knowledge Base Article 2292970 update is not installed
| [62805] Microsoft Windows Knowledge Base Article 2316074 update is not installed
| [62793] Microsoft Windows Knowledge Base Article 2293386 update is not installed
| [62789] Microsoft Windows Knowledge Base Article 2423930 update is not installed
| [62170] Microsoft Windows Knowledge Base Article 2296011 update is not installed
| [62166] Microsoft Windows Knowledge Base Article 2294255 update is not installed
| [62163] Microsoft Windows Knowledge Base Article 2281679 update is not installed
| [62154] Microsoft Windows Knowledge Base Article 2279986 update is not installed
| [62147] Microsoft Windows Knowledge Base Article 2160841 update is not installed
| [62134] Microsoft Windows Knowledge Base Article 2412048 update is not installed
| [62129] Microsoft Windows Knowledge Base Article 2387149 update is not installed
| [62126] Microsoft Windows Knowledge Base Article 2378111 update is not installed
| [62123] Microsoft Windows Knowledge Base Article 2360937 update is not installed
| [62118] Microsoft Windows Knowledge Base Article 2293211 update is not installed
| [62104] Microsoft Windows Knowledge Base Article 2360131 update is not installed
| [62098] Microsoft Windows Knowledge Base Article 2293194 update is not installed
| [62069] Microsoft Windows Knowledge Base Article 2418042 update is not installed
| [61519] Microsoft Windows Knowledge Base Article 2121546 update is not installed
| [61517] Microsoft Windows Knowledge Base Article 2259922 update is not installed
| [61514] Microsoft Windows Knowledge Base Article 2267960 update is not installed
| [61510] Microsoft Windows Knowledge Base Article 2315011 update is not installed
| [61507] Microsoft Windows Knowledge Base Article 2320113 update is not installed
| [61504] Microsoft Windows Knowledge Base Article 2347290 update is not installed
| [60736] Microsoft Windows Knowledge Base Article 2265906 update is not installed
| [60734] Microsoft Windows Knowledge Base Article 2269638 update is not installed
| [60728] Microsoft Windows Knowledge Base Article 2269707 update is not installed
| [60724] Microsoft Windows Knowledge Base Article 2286198 update is not installed
| [60713] Microsoft Windows Knowledge Base Article 2183461 update is not installed
| [60698] Microsoft Windows Knowledge Base Article 2160329 update is not installed
| [60686] Microsoft Windows Knowledge Base Article 2115168 update is not installed
| [60684] Microsoft Windows Knowledge Base Article 2079403 update is not installed
| [60680] Microsoft Windows Knowledge Base Article 2264072 update is not installed
| [59901] Microsoft Windows Knowledge Base Article 2229593 update is not installed
| [59898] Microsoft Windows Knowledge Base Article 2229593 update is not installed
| [58913] Microsoft Windows Knowledge Base Article 2027452 update is not installed
| [58891] Microsoft Windows Knowledge Base Article 2028554 update is not installed
| [17004] Microsoft Windows XP Service Pack 2 is not installed on the system
| [9187] Microsoft Passport SDK 2.1 Component Configuration Document (CCD) permission
| [9146] Microsoft Passport SDK 2.1 events reporting disabled
| [9068] Microsoft Passport SDK 2.1 registry default permission exposure
| [9067] Microsoft Passport SDK 2.1 default test site exposure
| [9066] Microsoft Passport SDK 2.1 Adventure Works Sample Site exposure
| [9065] Microsoft Passport SDK 2.1 Adventure Works Sample Site global.asa file default permission exposure
| [9064] Microsoft Passport SDK 2.1 default time window exposure
| [1271] Microsoft IIS version 2 installed
| [621] Microsoft IIS 3.0 script source revealed by appending 2E to requests
|
| Exploit-DB - https://www.exploit-db.com:
| [30756] Microsoft Forms 2.0 ActiveX Control 2.0 Memory Access Violation Denial of Service Vulnerabilities
| [30749] Microsoft Office 2003 Web Component Memory Access Violation Denial of Service Vulnerability
| [30636] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (2)
| [30635] Microsoft Windows 2000/2003 Recursive DNS Spoofing Vulnerability (1)
| [30281] Microsoft .Net Framework <= 2.0 - Multiple Null Byte Injection Vulnerabilities
| [29664] Microsoft Office Publisher 2007 - Remote Denial of Service (DoS) Vulnerability
| [29660] Microsoft Office 2003 - Denial of Service (DoS) Vulnerability
| [29630] Microsoft Windows 2003/XP ReadDirectoryChangesW Information Disclosure Vulnerability
| [29524] Microsoft Word 2000 - Malformed Function Code Execution Vulnerability
| [28420] Microsoft Windows 2000 Multiple COM Object Instantiation Code Execution Vulnerabilities
| [28357] Microsoft Windows Explorer 2000/2003/XP Drag and Drop Remote Code Execution Vulnerability
| [28227] Microsoft Windows 2000/XP Registry Access Local Denial of Service Vulnerability
| [28226] Microsoft PowerPoint 2003 PPT File Closure Memory Corruption
| [28225] Microsoft PowerPoint 2003 powerpnt.exe Unspecified Issue
| [28224] Microsoft PowerPoint 2003 mso.dll PPT Processing Unspecified Code Execution
| [28198] Microsoft Office 2000/2002 Property Code Execution Vulnerability
| [28189] Microsoft Excel 2000-2004 Style Handling and Repair Remote Code Execution Vulnerability
| [28087] Microsoft Office 2003 Embedded Shockwave Flash Object Security Bypass Weakness
| [28005] Microsoft Exchange Server 2000/2003 Outlook Web Access Script Injection Vulnerability
| [26690] Microsoft Windows 2000/2003/XP CreateRemoteThread Local Denial of Service Vulnerability
| [26517] Microsoft Office PowerPoint 2007 - Crash PoC
| [26341] Microsoft Windows 2000/2003/XP MSDTC TIP Denial of Service Vulnerability
| [26222] Microsoft Windows 2000/2003/XP Keyboard Event Privilege Escalation Weakness
| [25384] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (2)
| [25383] Microsoft Windows 2000/XP Internet Protocol Validation Remote Code Execution Vulnerability (1)
| [25231] Microsoft Windows 2000/2003/XP Graphical Device Interface Library Denial of Service Vulnerability
| [25085] Microsoft Office XP 2000/2002 HTML Link Processing Remote Buffer Overflow Vulnerability
| [25084] Microsoft Outlook 2003 Web Access Login Form Remote URI Redirection Vulnerability
| [25050] Microsoft Windows 2000/2003/XP winhlp32 Phrase Heap Overflow Vulnerability
| [25049] Microsoft Windows 2000/2003/XP winhlp32 Phrase Integer Overflow Vulnerability
| [24686] Microsoft Outlook 2003 Security Policy Bypass Vulnerability
| [24277] Microsoft Windows 2000/NT 4 POSIX Subsystem Buffer Overflow Local Privilege Escalation Vulnerability
| [24114] Microsoft Outlook 2003Mail Client E-mail Address Verification Weakness
| [24101] Microsoft Outlook 2003 Predictable File Location Weakness
| [23989] Microsoft Windows 2000/NT 4 Local Descriptor Table Local Privilege Escalation Vulnerability
| [23796] Microsoft Outlook 2002 Mailto Parameter Quoting Zone Bypass Vulnerability
| [23019] Microsoft Windows 2000 Subnet Bandwidth Manager RSVP Server Authority Hijacking Vulnerability
| [22919] Microsoft ISA Server 2000 Cross-Site Scripting Vulnerabilities
| [22883] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (2)
| [22882] Microsoft Windows 2000 CreateFile API Named Pipe Privilege Escalation Vulnerability (1)
| [22837] Microsoft Windows 2000/NT 4 Media Services NSIISlog.DLL Remote Buffer Overflow
| [22782] Microsoft Windows 2000 Active Directory Remote Stack Overflow Vulnerability
| [22591] Microsoft Office Excel 2007 - WriteAV Crash PoC
| [22555] Microsoft BizTalk Server 2000/2002 DTA RawCustomSearchField.asp SQL Injection
| [22554] Microsoft BizTalk Server 2000/2002 DTA rawdocdata.asp SQL Injection Vulnerability
| [22553] Microsoft BizTalk Server 2002 HTTP Receiver Buffer Overflow Vulnerability
| [22528] Microsoft Windows 2000 RegEdit.EXE Registry Key Value Buffer Overflow Vulnerability
| [22354] Microsoft Windows 2000 Help Facility .CNT File :Link Buffer Overflow Vulnerability
| [21920] Microsoft Content Management Server 2001 Cross-Site Scripting Vulnerability
| [21718] Microsoft SQL 2000/7.0 Agent Jobs Privilege Elevation Vulnerability
| [21693] Microsoft SQL Server 2000 User Authentication Remote Buffer Overflow Vulnerability
| [21652] Microsoft SQL Server 2000 Resolution Service Heap Overflow Vulnerability
| [21651] Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability
| [21650] Microsoft SQL Server 2000 Database Consistency Checkers Buffer Overflow Vulnerability
| [21549] Microsoft SQL Server 2000 Password Encrypt Procedure Buffer Overflow Vulnerability
| [21541] Microsoft SQL Server 2000 SQLXML Script Injection Vulnerability
| [21540] Microsoft SQL Server 2000 SQLXML Buffer Overflow Vulnerability
| [21389] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (2)
| [21388] Microsoft Windows 2000 Lanman Denial of Service Vulnerability (1)
| [21344] Microsoft Windows 2000 / NT 4.0 Process Handle Local Privilege Elevation Vulnerability
| [21258] Microsoft Windows 2000/NT 4 NTFS File Hiding Vulnerability
| [21246] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (2)
| [21245] Microsoft Windows 2000/NT 4 TCP Stack DoS Vulnerability (1)
| [21172] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (2)
| [21171] Microsoft Windows 2000 Internet Key Exchange DoS Vulnerability (1)
| [21131] Microsoft Windows 2000/XP GDI Denial of Service Vulnerability
| [21123] Microsoft Windows 2000/NT Terminal Server Service RDP DoS Vulnerability
| [21113] Microsoft Index Server 2.0 File Information and Path Disclosure Vulnerability
| [21099] Microsoft Windows 2000 RunAs Service Denial of Services Vulnerability
| [21069] Microsoft Windows 2000 RunAs Service Named Pipe Hijacking Vulnerability
| [20907] Microsoft Windows 2000 Telnet Username DoS Vulnerability
| [20802] Microsoft IIS 2.0/3.0 Long URL Denial of Service Vulnerability
| [20763] Microsoft ISA Server 2000 Web Proxy DoS Vulnerability
| [20571] Microsoft Outlook 2000 0/98 0/Express 5.5 Concealed Attachment Vulnerability
| [20481] Microsoft IIS 2.0/3.0 Appended Dot Script Source Disclosure Vulnerability
| [20399] Microsoft Indexing Services for Windows 2000 File Verification Vulnerability
| [20335] Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability
| [20305] Microsoft Site Server 2.0 with IIS 4.0 - File Upload Vulnerability
| [20265] Microsoft Windows NT 4.0 / 2000 Spoofed LPC Request Vulnerability
| [20257] Microsoft Windows NT 4.0 / 2000 Predictable LPC Message Identifier Multiple Vulnerabilities
| [20255] Microsoft Windows NT 4.0 / 2000 LPC Zone Memory Depletion DoS Vulnerability
| [20222] Microsoft Windows 2000 telnet.exe NTLM Authentication Vulnerability
| [20209] Microsoft Windows 2000 Still Image Service Privilege Escalation Vulnerability
| [20133] Microsoft Windows 2000 Named Pipes Predictability Vulnerability
| [20122] Microsoft Office SharePoint Server 2007 Remote Code Execution
| [20096] Microsoft IIS 2.0/3.0/4.0/5.0/5.1 Internal IP Address Disclosure Vulnerability
| [20048] Microsoft Windows 2000 Remote CPU-overload Vulnerability
| [20047] Microsoft Windows 2000 Telnet Server DoS Vulnerability
| [19830] Microsoft Index Server 2.0 '%20' ASP Source Disclosure Vulnerability
| [19742] microsoft iis 3.0/4.0,microsoft index server 2.0 - Directory Traversal
| [19734] Microsoft Virtual Machine 2000 Series/3000 Series getSystemResource Vulnerability
| [19731] microsoft index server 2.0/indexing services for windows 2000 - Directory Traversal
| [19728] Microsoft Systems Management Server 2.0 Default Permissions Vulnerability
| [19425] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (2)
| [19424] Microsoft Data Access Components (MDAC) <= 2.1,Microsoft IIS 3.0/4.0,Microsoft Index Server 2.0,Microsoft Site Server Commerce Edition 3.0 i386 MDAC RDS Vulnerability (1)
| [19376] Microsoft IIS 2.0/3.0/4.0 ISAPI GetExtensionVersion() Vulnerability
| [19143] "Microsoft Windows ""April Fools 2001"" Vulnerability"
| [19118] Microsoft IIS 3.0/4.0,Microsoft Personal Web Server 2.0/3.0/4.0 ASP Alternate Data Streams Vulnerability
| [18334] Microsoft Office 2003 Home/Pro 0day
| [18087] MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
| [18078] Microsoft Excel 2003 11.8335.8333 Use After Free
| [18067] Microsoft Excel 2007 SP2 Buffer Overwrite Exploit
| [17305] "Microsoft Windows Vista/Server 2008 ""nsiproxy.sys"" Local Kernel DoS Exploit"
| [14971] MOAUB #11 - Microsoft Office Word 2007 sprmCMajority Buffer Overflow
| [14782] Microsoft Office PowerPoint 2007 DLL Hijacking Exploit (rpawinet.dll)
| [14746] Microsoft Office Groove 2007 DLL Hijacking Exploit (mso.dll)
| [14744] Microsoft Visio 2003 DLL Hijacking Exploit (mfc71enu.dll)
| [12450] Microsoft SharePoint Server 2007 XSS Vulnerability
| [10068] Microsoft Windows 2000-2008 Embedded OpenType Font Engine Remote Code Execution
| [4121] Microsoft Excel 2000/2003 Sheet Name Vulnerability PoC
| [3973] Microsoft Office 2000 (OUACTRL.OCX 1.0.1.9) - Remote DoS Exploit
| [3690] microsoft office word 2007 - Multiple Vulnerabilities
| [3260] Microsoft Word 2000 Unspecified Code Execution Exploit (0day)
| [2523] Microsoft Office 2003 PPT Local Buffer Overflow PoC
| [2091] Microsoft PowerPoint 2003 SP2 Local Code Execution Exploit (french)
| [2001] Microsoft Word 2000/2003 Unchecked Boundary Condition Vulnerability
| [1999] Microsoft Word 2000/2003 Hlink Local Buffer Overflow Exploit PoC
| [1988] Microsoft Excel 2003 Hlink Local Buffer Overflow Exploit (italian)
| [1986] Microsoft Excel 2000/2003 Hlink Local Buffer Overflow Exploit (french)
| [1958] Microsoft Excel 2003 Hlink Stack/SEH Buffer Overflow Exploit
| [28238] Microsoft SharePoint 2013 (Cloud) - Persistent Exception Handling Vulnerability MS13-067
| [23034] Microsoft URLScan 2.5/ RSA Security SecurID 5.0 Configuration Enumeration Weakness
| [22850] Microsoft Office OneNote 2010 Crash PoC
| [22679] Microsoft Visio 2010 Crash PoC
| [22655] Microsoft Publisher 2013 Crash PoC
| [22621] Microsoft Netmeeting 2.1/3.0.1 4.4.3385 CALLTO URL Buffer Overflow Vulnerability
| [22330] Microsoft Office Excel 2010 Crash PoC
| [22310] Microsoft Office Publisher 2010 Crash PoC
| [22237] Microsoft Office Picture Manager 2010 Crash PoC
| [22215] Microsoft Office Word 2010 Crash PoC
| [19451] Microsoft Windows 98 a/98 b/98SE,Solaris 2.6 IRDP Vulnerability
| [19440] Microsoft Windows NT 4.0/SP 1/SP 2/Sp 3/SP 4/SP 5 Malformed Dialer Entry Vulnerability
| [19372] Microsoft Windows NT 4.0/SP 1/SP 2/SP 3/SP 4/SP 5 Null Session Admin Name Vulnerability
| [17164] Microsoft Reader <= 2.1.1.3143 NULL Byte Write
| [17163] Microsoft Reader <= 2.1.1.3143 Array Overflow
| [17162] Microsoft Reader <= 2.1.1.3143 Integer Overflow
| [17161] Microsoft Reader <= 2.1.1.3143 Heap Overflow
| [17160] Microsoft Reader <= 2.1.1.3143 Integer Overflow
| [14731] Microsoft Windows Movie Maker <= 2.6.4038.0 DLL Hijacking Exploit (hhctrl.ocx)
| [14723] Microsoft Power Point 2010 DLL Hijacking Exploit (pptimpconv.dll)
|
| OpenVAS (Nessus) - http://www.openvas.org:
| [902250] Microsoft Word 2003 'MSO.dll' Null Pointer Dereference Vulnerability
| [900125] Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability
| [801597] Microsoft Office Excel 2003 Invalid Object Type Remote Code Execution Vulnerability
| [801596] Microsoft Excel 2007 Office Drawing Layer Remote Code Execution Vulnerability
| [801594] Microsoft PowerPoint 2007 OfficeArt Atom Remote Code Execution Vulnerability
| [800687] Microsoft Windows Server 2003 OpenType Font Engine DoS Vulnerability
| [800577] Microsoft Windows Server 2003 win32k.sys DoS Vulnerability
| [800343] Microsoft Word 2007 Sensitive Information Disclosure Vulnerability
| [103254] Microsoft SharePoint Server 2007 '_layouts/help.aspx' Cross Site Scripting Vulnerability
| [11992] Vulnerability in Microsoft ISA Server 2000 H.323 Filter(816458)
| [902931] Microsoft Office Remote Code Execution Vulnerabilities - 2720184 (Mac OS X)
| [902678] Microsoft Silverlight Code Execution Vulnerabilities - 2681578 (Mac OS X)
| [901210] Microsoft Office Privilege Elevation Vulnerability - 2721015 (Mac OS X)
|
| SecurityTracker - https://www.securitytracker.com:
| [1015347] Microsoft Windows 2000 Kernel APC Queue Bug Lets Local Users Gain Elevated Privileges
| [1013454] Microsoft Office InfoPath 2003 May Disclose System and Authentication Information to Remote Users
| [1013284] Microsoft Windows 2000 and XP Group Policy Can Be Bypassed By Microsoft Office Applications and By Flash Drives
| [1010687] Microsoft Windows 2000/NT POSIX Subsystem Buffer Overflow Lets Local Users Gain Elevated Privileges
| [1010352] Microsoft Windows 2000 Domains With Eight Characters May Let Remote Users With Expired Passwords Login
| [1010189] Microsoft Outlook 2003 Scripting Restrictions Can Be Bypassed By Remote Users
| [1010125] Microsoft Outlook 2003 Lets Remote Users Send E-mail to Cause the Recipient's Client to Contact a Remote Server
| [1009767] Microsoft Windows 2000 Domain Controller LDAP Flaw May Let Remote Users Restart the Authentication Service
| [1008324] Microsoft Exchange 2003 With Outlook Web Access and Windows SharePoint Services May Grant Incorrect E-mail Account Access to Remote Authenticated Users
| [1007905] Microsoft Windows Server 2003 Shell Folders Can Be Referenced Using Directory Traversal Characters
| [1007238] Microsoft Outlook Web Access Can Be Crashed By Remote Authenticated Users With an Outlook 2003 Client
| [1007152] Microsoft Windows 2000 Accessibility Utility Manager Lets Local Users Gain Elevated Privileges
| [1007099] Microsoft Windows 2000 ShellExecute() Buffer Overflow May Let Users Execute Arbitrary Code
| [1007093] Microsoft Active Directory Stack Overflow in 'Lsaas.exe' Lets Remote Users Crash the Windows 2000 Server
| [1006959] Microsoft Windows Server 2003 Drivers May Leak Information From Memory Via Ethernet Packets Containing TCP Streams
| [1006580] Microsoft Windows 2003 'win2k.sys' Printing Bug Lets Users Crash the System
| [1006534] Microsoft Proxy Service in Proxy Server 2.0 Has Unspecified Flaw That Lets Remote Users Stop Traffic
| [1006286] Microsoft Windows 2000/XP PostMessage() API Flaw May Let Local Users Grab Passwords from Local Dialog Boxes
| [1006280] Protegrity Secure.Data for Microsoft SQL Server 2000 Contains Buffer Oveflows That Let Remote Users Execute Arbitrary Code
| [1005254] Microsoft NT, 2000, and XP Operating Systems May Execute a 16-bit Application Even When The File Has No Execute Permissions
| [1005068] Microsoft NTFS Filesystem in Windows NT and Windows 2000 Has Auditing Hole That Lets Local Users Access Files Without the File Access Being Audited
| [1004587] Microsoft SQL Server 2000 Buffer Overflow in OpenDataSource() Function May Let Remote Users Gain SYSTEM Privileges on the Server
| [1004528] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains an Input Validation Flaw in an XML SQL Tag That Allows Cross-Site Scripting Attacks
| [1004527] Microsoft SQLXML Component of Microsoft SQL Server 2000 Contains a Buffer Overflow That Lets Remote Users Take Full Control of the System
| [1004407] Microsoft Exchange 2000 Flaw in Processing a Certain Malformed SMTP Command Allows Remote Users to Deny Service to the Server
| [1004357] Microsoft Windows Debugging Facility for Windows NT4 and 2000 Has Authentication Hole That Lets Local Users Execute Arbitrary Code with SYSTEM Privileges
| [1004083] Microsoft Windows 2000 'microsoft-ds' Service Flaw Allows Remote Users to Create Denial of Service Conditions By Sending Malformed Packets
| [1004022] Microsoft Windows 2000 Group Policy Object Enforcement Can Be Circumvented if User License Limits are Exceeded
| [1003975] Microsoft Windows NT, 2000, and XP Kernel Buffer Overflow in Processing Multiple UNC Provider (MUP) Requests May Let Local Users Obtain System Level Privileges
| [1003949] Microsoft Windows 2000 DCOM Implementation Flaw May Disclose Memory Contents to Remote Users
| [1003816] Microsoft Windows 2000 Automatic Log Off Policy Fails to Expire Sessions in Progress
| [1003688] Microsoft Exchange Server 2000 Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
| [1003687] Microsoft Windows 2000 and Windows XP SMTP Service Command Processing Bug Lets Remote Users Cause the SMTP Service to Crash
| [1003634] Microsoft XML Core Services in SQL Server 2000 Lets Remote Scripts Access and Send Local Files
| [1003629] Microsoft Commerce Server 2000 AuthFilter Buffer Overflow Lets Remote Users Execute Arbitrary Code on the Server With LocalSystem Privileges to Gain Full Control of the Server
| [1003472] Microsoft Telnet Server for Windows 2000 and for Interix Has a Buffer Overflow That May Let Remote Users Execute Code on the Server with System Level Privileges
| [1003469] Microsoft Exchange 2000 Server Allows Remote Users to View and Possibly Modify Registry Settings
| [1003402] Microsoft Windows NT 4.0 and Windows 2000 Domain Controllers May Give Elevated Privileges to Remote Users Who Are Valid Administrators on Other Trusted Domains
16488| [1002922] Microsoft Windows 2000 Internet Key Exchange (IKE) Service Can Be Crashed By Remote Users
16489| [1002754] Terminal Services on Microsoft Windows 2000 and XP Allow Remote Users to Log Bogus IP Addresses Instead of the User's Genuine Address
16490| [1002731] Microsoft Windows 2000 RunAs Service May Disclose Authentication Credentials to Local Users
16491| [1002730] Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
16492| [1002729] Microsoft Windows 2000 RunAs Service Allows Local Users to Disable the Service
16493| [1002356] Microsoft Outlook 2000 Animated Assistant Prevents the Screen Saver from Activating, Allowing Physically Local Users to Access the System
16494| [1002206] Microsoft Internet Security and Acceleration (ISA) Server 2000 Can Be Disrupted By Remote Users Due to Memory Leaks and Also Allows Cross-Site Scripting Attacks
16495| [1002106] Microsoft Windows 2000 and Windows NT 4.0 RPC Input Validation Failure Lets Remote Users Destabilize the Operating System
16496| [1002099] Microsoft Windows 2000 Telnet Service Can Be Crashed By Remote Users
16497| [1002098] Windows Terminal Services in Microsoft Windows 2000 and NT 4.0 Can Be Crashed By Remote Users Due to a Memory Leak
16498| [1001993] Microsoft Windows 2000, Linux 2.4, NetBSD, FreeBSD, and OpenBSD May Let Remote Users Affect TCP Performance
16499| [1001931] Microsoft Windows 2000 SMTP Service May Allow Unauthorized Remote Users to Relay E-mail via the Service
16500| [1001832] Microsoft Windows 2000 LDAP Server Lets Remote Users Gain Administrator Access to the Domain Controller When Configured to Support LDAP over SSL
16501| [1001701] Microsoft Windows 2000 Telnet Server Allows Local Users to Gain System-Level Privileges and Lets Remote Users Crash the Server
16502| [1001605] Microsoft Windows 2000 Allows Local Users to Elevate Privileges
16503| [1001565] Microsoft IIS Web Server on Windows 2000 Allows Remote Users to Cause the Server to Consume All Available Memory Due to Memory Leak in WebDAV Lock Method
16504| [1001513] Microsoft Windows 2000 Indexing Service Allows Remote Users to View Include Programming Files
16505| [1001501] Microsoft Windows 2000 Domain Controllers Can Be Effectively Halted By Remote Users
16506| [1001464] Microsoft Internet Information Server IIS 5.0 for Windows 2000 Lets Remote Users Execute Arbitrary Code on the Server and Gain Control of the Server
16507| [1001240] Microsoft FTP Client for Windows 2000 Still Vulnerable to Executing Arbitrary Code in Limited Situations
16508| [1001088] Microsoft Internet Explorer with Services for Unix 2.0 Can Create Malicious Files on the User's Host
16509|
16510| OSVDB - http://www.osvdb.org:
16511| [90257] Microsoft Windows Server 2003 ICACLS.EXE Permission Inheritance Weakness
16512| [86790] Microsoft Virtual PC 2007 Crafted x86 Instruction Sequence Handling Local DoS
16513| [86061] Microsoft Windows Server 2008 R1 CSRSS ReadConsole / CloseHandle Local DoS
16514| [79442] Microsoft Windows Server 2008 DNS Server Service Cache Update Policy Deleted Domain Name Resolving Weakness
16515| [72670] Microsoft Windows Server 2003 ActiveDirectory BROWSER ELECTION Remote Overflow
16516| [68554] Microsoft Windows Server 2008 Shared Cluster Disks Addition Default Permission Weakness
16517| [62251] Microsoft Windows Server 2008 Hyper-V Crafted Instruction Sequence DoS
16518| [60329] Microsoft Windows 2000 NetBIOS Continuation Packet Remote DoS
16519| [59733] Microsoft Windows 2000 Terminal Services Screensaver Screen Minimization Locking Weakness
16520| [59731] Microsoft Windows 2000 DCOM Client Alter Context Request Remote Information Disclosure
16521| [59730] Microsoft Windows 2000 Terminal Services Disconnect Feature Local Privilege Escalation
16522| [59514] Microsoft Windows 2000 Task Manager Uppercase Process Name Termination Weakness
16523| [59509] Microsoft Windows 2000 Encrypted File System Cleartext Backup File Local Disclosure
16524| [59346] Microsoft Windows 2000 Crafted TCP/UDP Traffic CPU Consumption Remote DoS
16525| [55836] Microsoft ISA Server 2006 Radius OTP Security Bypass
16526| [53663] Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption
16527| [50589] Microsoft SQL Server 2000 sp_replwritetovarbin() Stored Procedure Overflow
16528| [37629] Microsoft Windows 2000 RPC Authentication Unspecified Information Disclosure
16529| [37628] Microsoft Windows 2000 RPC Authentication Crafted Request Remote DoS
16530| [36034] Microsoft Office 2000 Controllo ActiveX (OUACTRL.OCX) HelpPopup Method Overflow
16531| [34489] Microsoft Office 2003 Malformed WMF File Handling DoS
16532| [34488] Microsoft Excel 2003 XLS Handling Corrupt Format DoS
16533| [31251] Microsoft Office 2003 Brazilian Portuguese Grammar Checker Arbitrary Code Execution
16534| [29529] Microsoft Windows 2000 creator.dll ActiveX COM Object Memory Corruption
16535| [29528] Microsoft Windows 2000 msdxm.ocx ActiveX COM Object Memory Corruption
16536| [29527] Microsoft Windows 2000 myinfo.dll ActiveX COM Object Memory Corruption
16537| [29526] Microsoft Windows 2000 ciodm.dll ActiveX COM Object Memory Corruption
16538| [28539] Microsoft Word 2000 Unspecified Code Execution
16539| [24121] Microsoft Commerce Server 2002 authfiles/login.asp Authentication Bypass
16540| [24081] Microsoft Outlook 2003 Unspecified Malformed Word Attachment DoS
16541| [23484] Microsoft SQLServer 2000 sp_addalias Procedure Privileged Alias Creation
16542| [23234] Microsoft SQLServer 2000 Unspecified Invalid Client Buffer DoS
16543| [23231] Microsoft SQL Server 2000 SQL Profiler Multiple Method DoS
16544| [23205] Microsoft SQLServer 2000 Crafted Sort Command User Mode Scheduler (UMS) Bypass DoS
16545| [23203] Microsoft SQL Server 2000 Database Name Transact-SQL Statement Privilege Escalation
16546| [23202] Microsoft SQLServer 2000 sysmembers Virtual Table Query Overflow
16547| [23201] Microsoft SQL Server 2000 Dynamic Transact-SQL Statement Disclosure
16548| [23200] Microsoft SQLServer 2000 Encrypted Stored Procedure Dynamic Query Disclosure
16549| [21907] Microsoft Office InfoPath 2003 Mshtml.dll Form Handling DoS
16550| [21598] Microsoft Windows 2000 NetBIOS Port Malformed TCP Packet Parsing Remote DoS
16551| [20256] Microsoft Windows 2000 NTFS Volume Macintosh Client Directory Permission Modification
16552| [20222] Microsoft Windows 2000 runas.exe Named Pipe Spoofing Information Disclosure
16553| [20221] Microsoft Windows 2000 runas.exe Named Pipe Single Thread DoS
16554| [20220] Microsoft Windows 2000 runas.exe Cleartext Authentication Information Disclosure
16555| [20002] Microsoft Windows 2000 CHKDSK Fix Mode File ACL Failure
16556| [20001] Microsoft Windows 2000 Terminal Service Client Connection IP Logging Failure
16557| [20000] Microsoft Windows 2000 Domain Administrator Computer Lock Bypass
16558| [19999] Microsoft Windows 2000 FQDN Domain Login Password Expiry Bypass
16559| [19998] Microsoft Windows 2000 UPN Credentialed Login Group Policy Failure
16560| [19997] Microsoft Windows 2000 WideCharToMultiByte Function String Termination Issue
16561| [19996] Microsoft Windows 2000 Event ID 1704 Group Policy Failure
16562| [19995] Microsoft Windows 2000 SECEDIT Long Folder ACL Set Issue
16563| [19994] Microsoft Windows 2000 audit directory service access 565 Event Logging Failure
16564| [19993] Microsoft Windows 2000 LDAPS CA Trust Issue
16565| [19264] Microsoft Exchange Server 2003 Crafted IMAP4 Folder Listing Request DoS
16566| [17031] Microsoft ISA Server 2000 SecureNAT Traffic Saturation DoS
16567| [15343] Microsoft Windows Server 2003 Malformed HTTP Cookie Header CGI DoS
16568| [15341] Microsoft Windows Server 2003 SMB Redirector Processing DoS
16569| [15340] Microsoft Windows Server 2003 Terminal Service Client Print DoS
16570| [15338] Microsoft Windows Server 2003 Terminal Session Close DoS
16571| [15337] Microsoft Windows Server 2003 CreateProcessWithLogonW() Function Process Disclosure
16572| [15336] Microsoft Windows Server 2003 Shutdown.exe Shut Down Failure
16573| [15335] Microsoft Windows Server 2003 MIT Kerberos Realm Authentication Group Policy Failure
16574| [15334] Microsoft Windows Server 2003 Shared Folder Permission Weakness
16575| [15333] Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
16576| [15332] Microsoft Windows Server 2003 Citrix Metaframe Encryption Policy Failure
16577| [15331] Microsoft Windows Server 2003 Home Folder Path Permission Inheritance Failure
16578| [14617] Microsoft Exchange Server 2003 Folder Handling DoS
16579| [14430] Microsoft Commerce Server 2000 Profile Service Affected API Overflow
16580| [13996] Microsoft Windows 2000 IKE Malformed Packet Saturation Remote DoS
16581| [13762] Microsoft 2000 Domain Controller Directory Service Restore Mode Blank Password
16582| [13761] Microsoft Exchange 2000 Malformed URL Request DoS
16583| [13475] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution Variant
16584| [13474] Microsoft Windows 2000 Telnet Service Predictable Named Pipe Arbitrary Command Execution
16585| [13441] Microsoft Windows 2000 Security Interface Change Password Option Account Enumeration
16586| [13437] Microsoft Windows 2000 Debug Register Local Privilege Escalation
16587| [13424] Microsoft Windows 2000 Current Password Change Policy Bypass
16588| [13423] Microsoft Windows 2000 Terminal Server SYSVOL Share Connection Saturation Restriction Bypass
16589| [13415] Microsoft Windows 2000 System Root Folder Search Path Permission Weakness
16590| [13410] Microsoft Windows 2000 Accessibility Utility Manager Arbitrary Code Execution
16591| [11958] Microsoft Outlook 2003 Image Rendering Security Policy Bypass
16592| [11945] Microsoft Outlook 2002 IFRAME Tag Embedded URL
16593| [11944] Microsoft Outlook 2002 HREF Tag Embedded JavaScript Execution
16594| [11750] Microsoft Windows 2000 Message Queue Manager Queue Registration Request Overflow DoS
16595| [11712] Microsoft ISA Server 2000 H.323 Filter Overflow
16596| [10633] Microsoft Windows 2000 Protected Store Weak Encryption Default
16597| [9386] Microsoft Windows 2000 msinfo32.exe msinfo_file Variable Overflow
16598| [8243] Microsoft SMS Port 2702 DoS
16599| [7202] Microsoft PowerPoint 2000 File Loader Overflow
16600| [7179] Microsoft Windows 2000 Event Viewer Snap-in Overflow
16601| [6971] Microsoft ISA Server 2000 ICMP Rule Bypass During Startup
16602| [6970] Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure
16603| [6969] Microsoft ISA Server 2000 Invalid DNS Request DoS
16604| [6968] Microsoft ISA Server 2000 FTP Port Scan Bounce Weakness
16605| [6967] Microsoft ISA Server 2000 UDP Packet Winsock DoS
16606| [6965] Microsoft ISA Server 2000 SSL Packet DoS
16607| [6964] Microsoft ISA Server 2000 DNS Intrusion Detection Filter DoS
16608| [6515] Microsoft Windows 2000 Domain Expired Account Authentication
16609| [5179] Microsoft Windows 2000 microsoft-ds DoS
16610| [5171] Microsoft Word 2002 Mail Merge Tool Execute Arbitrary Script
16611| [4779] Microsoft Desktop Engine (MSDE) 2000 Stored Procedure SQL Injection
16612| [4778] Microsoft SQL Server 2000 Stored Procedure SQL Injection
16613| [4777] Microsoft Desktop Engine (MSDE) 2000 Database Consistency Checkers (DBCCs) Overflow
16614| [4776] Microsoft SQL Server 2000 Database Consistency Checkers (DBCCs) 2000 Overflow
16615| [4170] Microsoft Windows 2000 Server Media Services TCP Packet Handling Remote DoS
16616| [4168] Microsoft Outlook 2002 mailto URI Script Injection
16617| [3490] Microsoft Exchange 2003 OWA Mailbox Access Information Disclosure
16618| [2705] Microsoft Windows 2000 Windows Troubleshooter ActiveX Overflow
16619| [2655] Microsoft Windows Server 2003 Shell Folders Arbitrary File Access
16620| [2540] Microsoft Windows 2003 Server Buffer Overflow Protection Mechanism Bypass
16621| [2244] Microsoft Windows 2000 ShellExecute() API Let
16622| [2237] Microsoft Windows 2000 Active Directory Lsass.exe Overflow
16623| [1949] Symantec Norton Anti-Virus for Microsoft Exchange 2000 INBOX Path Information Disclosure
16624| [1764] Microsoft Windows 2000 Domain Controller DoS
16625| [1758] Microsoft Windows 2000 Network DDE Escalated Privileges
16626| [1755] Microsoft Windows 2000 RDP Malformed Packet Handling Remote DoS
16627| [1672] Microsoft Windows 2000 Telnet Session Timeout DoS
16628| [1633] Microsoft Windows 2000 System Monitor ActiveX LogFileName Parameter Validation Overflow
16629| [1621] Microsoft Indexing Services for Windows 2000 .htw XSS
16630| [1591] Microsoft Windows 2000 OEMPreinstall Installation Permission Weakness
16631| [1578] Microsoft Windows 2000 Simplified Chinese IME Local Privilege Escalation
16632| [1500] Microsoft Word / Excel / Powerpoint 2000 Object Tag Buffer Overflow
16633| [1437] Microsoft Windows 2000 Telnet Server Binary Zero Parsing Remote DoS
16634| [1399] Microsoft Windows 2000 Windows Station Access
16635| [1328] Microsoft Office 2000 UA Control ActiveX (Ouactrl.ocx) Show Me Function Remote Code Execution
16636| [1297] Microsoft Windows 2000 Active Directory Object Attribute
16637| [1292] Microsoft Windows NT 4.0 / 2000 cmd.exe Buffer Overflow
16638| [773] Microsoft Windows 2000 Group Policy File Lock DoS
16639| [515] Microsoft Windows 2000 LDAP Server Arbitrary User Password Modification
16640| [454] Microsoft Windows 2000 NTLM Domain Account Lockout Policy Bypass
16641| [403] Microsoft Windows 2000 Still Image Service WM_USER Message Local Overflow
16642| [398] Microsoft Windows 2000 Malformed RPC Traffic Local Security Policy Corruption DoS
16643| [307] Microsoft FrontPage 2000 Server Extensions shtml.exe Path Disclosure
16644| [69085] Microsoft Office 2010 RTF File Handling pFragments Buffer Overflow Arbitrary Code Execution
16645|_
445/tcp closed microsoft-ds
8080/tcp closed http-proxy
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows
#######################################################################################################################################
 Anonymous JTSEC #OpTurkey Full Recon #3