The OVAL Repository5.32015-09-03T06:12:12.372-04:00Buffer overflow vulnerability in kavfm.sys in Kingsoft Antivirus 2010.7.30.201 and earlierMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPKingsoft AntivirusBuffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and earlier allows local users to execute arbitrary code via a long argument to IOCTL 0x80030004. NOTE: some of these details are obtained from third party information.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDKingsoft Antivirus is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPKingsoft AntivirusKingsoft Antivirus is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVirtual PC and Virtual Server Privileged Instruction Decoding VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Virtual Server 2005Microsoft Virtual PC 2004Microsoft Virtual PC 2007The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, 2007, and 2007 SP1, and Microsoft Virtual Server 2005 R2 SP1, does not enforce CPU privilege-level requirements for all machine instructions, which allows guest OS users to execute arbitrary kernel-mode code and gain privileges within the guest OS via a crafted application, aka "Virtual PC and Virtual Server Privileged Instruction Decoding Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDACCEPTEDMicrosoft Virtual Server 2005 R2 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Virtual Server 2005 R2The application Microsoft Virtual Server 2005 R2 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Virtual PC 2007 
Service Pack 1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Virtual PC 2007 Service Pack 1 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Virtual PC 2007 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Virtual PC 2007 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Virtual Server 2005 Enterprise is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Virtual Server 2005The application Microsoft Virtual Server 2005 Enterprise is installed.Sudhir GandheDRAFTINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDMicrosoft Virtual PC 2004 Service Pack 1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003The application Microsoft Virtual PC 2004 Service Pack 1 is installed.Sudhir GandheDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Virtual Server 2005 Standard is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Virtual Server 2005The application Microsoft Virtual Server 2005 Standard is installed.Sudhir GandheDRAFTINTERIMACCEPTEDRachana ShettyINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDDataGrid Control Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Visual Basic 6.0The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "DataGrid Control Memory Corruption Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDPradeep R 
BINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDHierarchical FlexGrid Control Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Visual Basic 6.0Multiple integer overflows in the Hierarchical FlexGrid ActiveX control (mshflxgd.ocx) in Microsoft Visual Basic 6.0 and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allow remote attackers to execute arbitrary code via crafted (1) Rows and (2) Cols properties to the (a) ExpandAll and (b) CollapseAll methods, related to access of incorrectly initialized objects and corruption of the "system state," aka "Hierarchical FlexGrid Control Memory Corruption Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDMasked Edit Control Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Visual Basic 6.0Microsoft Visual FoxProMicrosoft Visual Studio .NET 2002Microsoft Visual Studio .NET 2003Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDAccess Control VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Office SharePoint Server 2007Microsoft Search Server 2008Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft 
Search Server 2008 do not properly perform authentication and authorization for administrative functions, which allows remote attackers to cause a denial of service (server load), obtain sensitive information, and "create scripts that would run in the context of the site" via requests to administrative URIs, aka "Access Control Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDACCEPTEDMicrosoft Search Server 2008 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Microsoft Search Server 2008 is installed.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOWA For Exchange Server Parsing XSS VulnerabilityMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Exchange ServerCross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified HTML, a different vulnerability than CVE-2008-2247.Jeff ItoDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2007 SP1 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Exchange Server 2007 SP1 is installed.Jeff ItoDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDCharts Control Memory Corruption VulnerabilityMicrosoft Windows 2000Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Visual Basic 6.0Microsoft Visual FoxProMicrosoft Visual Studio .NET 2002Microsoft Visual Studio .NET 2003The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 does not properly handle errors during access to incorrectly initialized objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to corruption of the "system state," aka "Charts Control Memory Corruption Vulnerability."Sudhir GandheDRAFTINTERIMACCEPTEDPradeep R BINTERIMACCEPTEDPradeep 
R BINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio .NET 2002 SP1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Visual Studio .NET 2002 SP1 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDRobert L. HollisACCEPTEDBrendan MilesINTERIMACCEPTEDACCEPTEDMicrosoft Visual Studio .NET 2003 SP1 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Visual Studio .NET 2003 SP1 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDRobert L. HollisACCEPTEDBrendan MilesINTERIMACCEPTEDDavid RothenbergINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDACCEPTEDMicrosoft Visual Basic 6.0 is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Visual Basic 6.0The application Microsoft Visual Basic 6.0 is installed.SecPod TeamDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDMicrosoft Visual FoxPro is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Visual FoxProMicrosoft Visual FoxPro is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOWA For Exchange Server Data Validation XSS VulnerabilityMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Exchange ServerCross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) for Exchange Server 2003 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified e-mail fields, a different vulnerability than CVE-2008-2248.Jeff ItoDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2003 Service Pack 2 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows 
Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2003Exchange Server 2003 SP2 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDACCEPTEDMicrosoft SharePoint page content vulnerabilities – CVE-2015-1700 (MS15-047)Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows 8Microsoft SharePoint Server 2007Microsoft SharePoint Server 2010Microsoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, and SharePoint Foundation 2013 SP1 allow remote authenticated users to execute arbitrary code via crafted page content, aka "Microsoft SharePoint Page Content Vulnerabilities."SecPod TeamDRAFTKumarswamy SINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint xss vulnerability – CVE-2015-1636 (MS15-022)Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2013Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 Gold and SP1 and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDOutlook Web App token spoofing vulnerability (CVE-2014-6319) - MS14-075Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2007Microsoft Exchange Server 2010Microsoft Exchange Server 2013Outlook 
Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2013 CU 6 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Exchange Server 2013Microsoft Exchange Server 2013 CU 6 is installed. Microsoft Exchange Server is calendaring software, a mail server and contact manager developed by Microsoft.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2007 (no Service Pack) is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Exchange Server 2007 (no Service Pack) is installed.Robert L. HollisDRAFTINTERIMACCEPTEDJeff ChengINTERIMACCEPTEDJeff ItoINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2010 is installedMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Exchange Server 2010Microsoft Exchange Server 2010 is installedSergey ArtykhovDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint xss vulnerability – CVE-2015-1633 (MS15-022)Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Windows Server 2008 R2Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft SharePoint Foundation 2010Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2010Microsoft SharePoint Server 2013Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2, SharePoint Server 2010 SP2, SharePoint Foundation 2013 Gold and SP1, and SharePoint Server 2013 Gold and SP1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted request, aka "Microsoft SharePoint XSS 
Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDKumarswamy SINTERIMACCEPTEDACCEPTEDSharePoint elevation of privilege vulnerability - CVE-2014-4116 (MS14-073)Microsoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows VistaMicrosoft SharePoint Foundation 2010Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2010 SP2 allows remote authenticated users to inject arbitrary web script or HTML via a modified list, aka "SharePoint Elevation of Privilege Vulnerability."SecPod TeamDRAFTKumarswamy SINTERIMACCEPTEDACCEPTEDLync Denial of Service vulnerability (CVE-2014-4068) - MS14-055Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Lync Server 2013Microsoft Lync Server 2010The Response Group Service in Microsoft Lync Server 2010 and 2013 and the Core Components in Lync Server 2013 do not properly handle exceptions, which allows remote attackers to cause a denial of service (daemon hang) via a crafted call, aka "Lync Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDLync Denial of Service vulnerability (CVE-2014-4071) - MS14-055Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Microsoft Windows 8.1Microsoft Windows Server 2012 R2Microsoft Lync Server 2013Microsoft Lync Server 2010The Server in Microsoft Lync Server 2013 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon hang) via a crafted request, aka "Lync Denial of Service Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Lync Server 
2010 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Lync Server 2010Microsoft Lync Server 2010 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Lync Server 2013 is installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Windows 8Microsoft Windows Server 2012Microsoft Lync Server 2013Microsoft Lync Server 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDAllows remote attackers to spoof web sites via a crafted HTML documentMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address and Port values in the HTTP and Secure rows, does not ensure that the SSL lock icon is consistent with the Address bar, which makes it easier for remote attackers to spoof web sites via a crafted HTML document that triggers many HTTPS requests to an arbitrary host, followed by an HTTPS request to a trusted host and then an HTTP request to an untrusted host, a related issue to CVE-2013-1450.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDAllows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML documentMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 8 and 9, when the Proxy Settings configuration has the same Proxy address 
and Port values in the HTTP and Secure rows, does not properly reuse TCP sessions to the proxy server, which allows remote attackers to obtain sensitive information intended for a specific host via a crafted HTML document that triggers many HTTPS requests and then triggers an HTTP request to that host, as demonstrated by reading a Cookie header, aka MSRC 12096gd.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDSharePoint Page Content Vulnerability (CVE-2014-2816) - MS14-050Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows Server 2012 R2Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2013Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint Foundation 2013 Gold and SP1 allow remote authenticated users to gain privileges via a Trojan horse app that executes a custom action in the context of the SharePoint extensibility model, aka "SharePoint Page Content Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDenial of service (memory corruption) by leveraging access to a Low integrity process.Microsoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows 7Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8Microsoft Internet Explorer 9Microsoft Internet Explorer 10Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, allows remote attackers to bypass Protected Mode or cause a denial of service (memory corruption) by leveraging access to a Low integrity process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 9 is installedMicrosoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 9A version of Microsoft Internet Explorer 9 is installed.Shane 
ShafferDRAFTINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDChandan SINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDWeb Applications Page Content Vulnerability (CVE-2014-1813) - MS14-022Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows VistaMicrosoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Windows 8Microsoft Office Web Apps 2010Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticated users to execute arbitrary code via crafted page content, aka "Web Applications Page Content Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.1.32, 4.2.24, and 4.3.10 allows local users to affect confidentiality, integrity, and availability via vectors related to Graphics driver (WDDM) for Windows guests.Maria MikhnoDRAFTINTERIMACCEPTEDACCEPTEDSharePoint XSS Vulnerability (CVE-2014-1754) - MS14-022Microsoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows VistaMicrosoft Windows Server 2012 R2Microsoft SharePoint Foundation 2013Microsoft SharePoint Server 2013Microsoft Office Web Apps Server 2013Microsoft SharePoint Server 2013 Client Components SDKCross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 2013 Client Components SDK allows remote attackers 
to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2013 Client Components SDK is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft SharePoint Server 2013 Client Components SDKMicrosoft SharePoint Server 2013 Client Components SDK is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Foundation 2013 SP1 is installedMicrosoft Windows 7Microsoft Windows 8Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft SharePoint Foundation 2013Microsoft SharePoint Foundation 2013 SP1 is installedSecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps Server 2013 SP1 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft Office Web Apps Server 2013Microsoft Office Web Apps Server 2013 SP1 is installedSecPod TeamDRAFTMaria MikhnoINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDMicrosoft SharePoint Server 2013 SP1 is installedMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2Microsoft SharePoint Server 2013Microsoft SharePoint Server 2013 SP1 is installedSecPod TeamDRAFTINTERIMACCEPTEDEvgeniy PavlovINTERIMACCEPTEDACCEPTEDVulnerability in the VirtualBox component in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8 when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server (CVE-2014-0981)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft 
Windows Server 2012 R2VirtualBoxVBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, 4.0.x before 4.0.24, 4.1.x before 4.1.32, 4.2.x before 4.2.24, and 4.3.x before 4.3.8, when using 3D Acceleration allows local guest OS users to execute arbitrary code on the Chromium server via crafted Chromium network pointer in a (1) CR_MESSAGE_READBACK or (2) CR_MESSAGE_WRITEBACK message to the VBoxSharedCrOpenGL service, which triggers an arbitrary pointer dereference and memory corruption. NOTE: this issue was MERGED with CVE-2014-0982 because it is the same type of vulnerability affecting the same set of versions. All CVE users should reference CVE-2014-0981 instead of CVE-2014-0982.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in the VirtualBox component in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8 when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server (CVE-2014-0983)Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxMultiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) 
CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability, a different vulnerability than CVE-2014-0404Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0404.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 
8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.22, and 4.3.6 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability, a different vulnerability than CVE-2014-0406Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect integrity and availability via unknown vectors related to Core, a different vulnerability than CVE-2014-0406.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to 
Core.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDUnspecified vulnerability in the VirtualBox component in Oracle Virtualization VirtualBox 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availabilityMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows 8Microsoft Windows 8.1Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2012 R2VirtualBoxUnspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.20, 4.0.22, 4.1.30, 4.2.20, and 4.3.4 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.Maria KedovskayaDRAFTINTERIMACCEPTEDACCEPTEDOracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-5763) - MS13-105Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Exchange Server 2013Microsoft Exchange Server 2010Microsoft Exchange Server 2007Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Maintenance. 
NOTE: the original disclosure of this issue erroneously mapped it to CVE-2013-3624.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDSharePoint Page Content Vulnerabilities (CVE-2013-5059) - MS13-100Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft SharePoint Server 2010Microsoft SharePoint Server 2013Microsoft Office Web Apps Server 2013Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web Apps 2013, allows remote attackers to execute arbitrary code via crafted page content, aka "SharePoint Page Content Vulnerabilities."SecPod TeamDRAFTINTERIMINTERIMACCEPTEDBhavya KINTERIMACCEPTEDACCEPTEDMicrosoft Office Web Apps Server 2013 is installedMicrosoft Windows Server 2008 R2Microsoft Windows Server 2012Microsoft Office Web Apps Server 2013Microsoft Office Web Apps Server 2013 is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOWA XSS Vulnerability (CVE-2013-5072) - MS13-105Microsoft Windows Server 2003Microsoft Windows Server 2008 R2Microsoft Windows Server 2008Microsoft Windows Server 2012Microsoft Exchange Server 2013Microsoft Exchange Server 2010Microsoft Exchange Server 2007Cross-site scripting (XSS) vulnerability in Outlook Web Access in Microsoft Exchange Server 2010 SP2 and SP3 and 2013 Cumulative Update 2 and 3 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "OWA XSS Vulnerability."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDOracle Outside In Contains Multiple Exploitable Vulnerabilities (CVE-2013-5791) - MS13-105Microsoft Windows Server 2003Microsoft Windows Server 2008 R2Microsoft Windows Server 2008Microsoft Windows Server 2012Microsoft Exchange Server 2013Microsoft Exchange Server 2010Microsoft Exchange Server 2007Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.0 and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters. 
NOTE: the previous information is from the October 2013 CPU. Oracle has not commented on claims from a third party that the issue is a stack-based buffer overflow in the Microsoft Access 1.x parser in vsacs.dll before 8.4.0.108 and before 8.4.1.52, which allows attackers to execute arbitrary code via a long field (aka column) name.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Microsoft Exchange Server 2013 Cumulative Update 3 is installed
Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Exchange Server 2013
Microsoft Exchange Server 2013 Cumulative Update 3 is installed
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Cross-site scripting vulnerability in Microsoft SharePoint (CVE-2013-3180) - MS13-067
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft Windows XP, Microsoft SharePoint Foundation 2010, Microsoft SharePoint Foundation 2013, Microsoft SharePoint Server 2010, Microsoft SharePoint Server 2013
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 SP1 and SP2 and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted POST request, aka "POST XSS Vulnerability."
SecPod Team DRAFT INTERIM ACCEPTED Pooja Shetty INTERIM ACCEPTED Kumarswamy S INTERIM ACCEPTED Kumarswamy S INTERIM ACCEPTED ACCEPTED

Microsoft SharePoint Foundation 2013 is installed
Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft SharePoint Foundation 2013
Microsoft SharePoint Foundation 2013 is installed
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Microsoft SharePoint Foundation 2010 Service Pack 2 is installed
Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft SharePoint Foundation 2010
Microsoft
SharePoint Foundation 2010 Service Pack 2 is installed
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Denial of service vulnerability in Microsoft SharePoint (CVE-2013-3849) - MS13-067
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft Windows XP, Microsoft SharePoint Server 2010, Microsoft Office Web Apps
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3858.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Denial of service vulnerability in Microsoft SharePoint (CVE-2013-3847) - MS13-067
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft Windows XP, Microsoft SharePoint Server 2010, Microsoft Office Web Apps
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Word memory corruption vulnerability in Microsoft SharePoint (CVE-2013-3857) - MS13-067
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2003, Microsoft
Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft Windows XP, Microsoft SharePoint Server 2010, Microsoft Office Web Apps
Microsoft Word Automation Services in SharePoint Server 2010 SP1 and SP2, Word Web App 2010 SP1 and SP2 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1 and SP2, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability."
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Microsoft Office Web Apps 2010 Service Pack 2 is installed
Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft Windows XP, Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2010 Service Pack 2 is installed
SecPod Team DRAFT Maria Kedovskaya INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED

Microsoft SharePoint Server 2010 Service Pack 2 is installed
Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2010 SP2 is installed
SecPod Team DRAFT INTERIM ACCEPTED Pooja Shetty INTERIM ACCEPTED ACCEPTED

Memory corruption vulnerability in Microsoft SharePoint (CVE-2013-3858) - MS13-067
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft Windows XP, Microsoft Office Web Apps, Microsoft SharePoint Server 2010
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial
of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3848, and CVE-2013-3849.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Denial of service vulnerability in Microsoft SharePoint (CVE-2013-3848) - MS13-067
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft Windows XP, Microsoft SharePoint Server 2010, Microsoft Office Web Apps
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3847, CVE-2013-3849, and CVE-2013-3858.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Microsoft Office Web Apps 2010 Service Pack 1 is installed
Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft Windows XP, Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2010 Service Pack 1 is installed
SecPod Team DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED

Microsoft Office Web Apps 2010 is installed
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, Microsoft Office Web Apps 2010
Microsoft Office Web Apps 2010 is installed
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Oracle Outside In Contains Multiple Exploitable Vulnerabilities - CVE-2013-2393 (MS13-061)
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Exchange Server 2007, Microsoft
Exchange Server 2010, Microsoft Exchange Server 2013
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
SecPod Team DRAFT Pooja Shetty INTERIM ACCEPTED ACCEPTED

Oracle Outside In Contains Multiple Exploitable Vulnerabilities - CVE-2013-3776 (MS13-061)
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, Microsoft Exchange Server 2013
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-3781.
SecPod Team DRAFT Pooja Shetty INTERIM ACCEPTED ACCEPTED

Oracle Outside In Contains Multiple Exploitable Vulnerabilities - CVE-2013-3781 (MS13-061)
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, Microsoft Exchange Server 2013
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7, 8.4.0, and 8.4.1 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-3776.
SecPod Team DRAFT Pooja Shetty INTERIM ACCEPTED ACCEPTED

Microsoft Exchange Server 2013 Cumulative Update 1 is installed
Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Exchange Server 2013
Microsoft Exchange Server 2013 Cumulative Update 1 is installed
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Microsoft Exchange Server 2013 Cumulative Update 2 is installed
Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Exchange Server 2013
Microsoft Exchange Server 2013 Cumulative Update 2 is
installed
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Microsoft Exchange Server 2013 is installed
Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Exchange Server 2013
Microsoft Exchange Server 2013 is installed
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Microsoft Exchange Server 2010 SP3 is installed
Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Exchange Server 2010
Microsoft Exchange Server 2010 SP3 is installed
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Vulnerability in the Management Pack for Oracle GoldenGate Server. Supported versions that are affected are 11.1.1.1.0.
Vulnerability in the Oracle GoldenGate Veridata component of Oracle Fusion Middleware (subcomponent: Server). The supported version that is affected is 3.0.0.11.0. Easily exploitable vulnerability allows successful unauthenticated network attacks via HTTP. Successful attack of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle GoldenGate Veridata
Microsoft Windows 2000, Microsoft Windows XP, Microsoft Windows Vista, Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Oracle GoldenGate Director, Oracle GoldenGate Veridata
Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before 7.0.23 uses an inefficient approach for handling parameters, which allows remote attackers to cause a denial of service (CPU consumption) via a request that contains many parameters and parameter values, a different vulnerability than CVE-2011-4858.
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, VirtualBox
Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows guest OS users to cause a denial of service (host OS reboot) via unknown vectors.
Sergey Artykhov DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED

Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via unknown vectors related to Shared Folders
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality and integrity via
unknown vectors related to Shared Folders.
Sergey Artykhov DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED

Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, VirtualBox
Unspecified vulnerability in the Oracle VM Virtual Box component in Oracle Virtualization 3.2, 4.0, and 4.1 allows local users to affect availability via unknown vectors related to VirtualBox Core. NOTE: The previous information was obtained from the October 2012 CPU. Oracle has not commented on claims from another vendor that this issue is related to "incorrect interrupt handling."
Sergey Artykhov DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED

Callback Function Vulnerability - MS13-024
Microsoft Windows 8, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft Windows XP, Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allow remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "Callback Function Vulnerability."
SecPod Team DRAFT INTERIM ACCEPTED Kumarswamy S INTERIM ACCEPTED ACCEPTED

Oracle Outside In Contains Multiple Exploitable Vulnerability - CVE-2012-3214 (MS13-013)
Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft FAST Search Server 2010 for SharePoint
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

SharePoint Directory Traversal Vulnerability -
MS13-024
Microsoft Windows 2000, Microsoft Windows 8, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft Windows XP, Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2010
Directory traversal vulnerability in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to bypass intended read restrictions for content, and hijack user accounts, via a crafted URL, aka "SharePoint Directory Traversal Vulnerability."
SecPod Team DRAFT INTERIM ACCEPTED Kumarswamy S INTERIM ACCEPTED ACCEPTED

Buffer Overflow Vulnerability - MS13-024
Microsoft Windows 2000, Microsoft Windows 8, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft Windows XP, Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2010
Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 SP1 allows remote attackers to cause a denial of service (W3WP process crash and site outage) via a crafted URL, aka "Buffer Overflow Vulnerability."
SecPod Team DRAFT INTERIM ACCEPTED Kumarswamy S INTERIM ACCEPTED ACCEPTED

Vulnerability in Microsoft Exchange Server Could Allow Remote Code Execution - CVE-2013-0418 - MS13-012
Microsoft Windows Server 2008, Microsoft Windows Server 2003, Microsoft Windows Server 2008 R2, Microsoft Exchange Server 2007, Microsoft Exchange Server 2010
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0393. NOTE: the previous information was obtained from the January 2013 CPU.
Oracle has not commented on claims from an independent researcher that this is a heap-based buffer overflow in the Paradox database stream filter (vspdx.dll) that can be triggered using a table header with a crafted "number of fields" value.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Unspecified vulnerability in the Oracle VM VirtualBox 4.1 component
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, VirtualBox
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization 4.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Windows Guest Additions.
Sergey Artykhov DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED

System Center Operations Manager Web Console XSS Vulnerability-II - MS13-003
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft System Center Operations Manager 2007, Microsoft System Center Operations Manager 2007 R2
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0009.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Vulnerability in Microsoft Exchange Server Could Allow Remote Code Execution - CVE-2013-0393 - MS13-012
Microsoft Windows Server 2008, Microsoft Windows Server 2003, Microsoft Windows Server 2008 R2, Microsoft Exchange Server 2007, Microsoft Exchange Server 2010
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 and 8.4 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2013-0418.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Microsoft
Exchange Server 2010 SP2 is installed
Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Exchange Server 2010
Microsoft Exchange Server 2010 SP2 is installed
Sergey Artykhov DRAFT INTERIM ACCEPTED ACCEPTED

Oracle Outside In Contains Multiple Exploitable Vulnerabilities-I MS12-080
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Exchange Server 2007, Microsoft Exchange Server 2010
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

DEPRECATED: Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, VirtualBox
Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause a denial of service (Linux host OS reboot) via a sysenter instruction.
Sergey Artykhov DRAFT INTERIM ACCEPTED Maria Kedovskaya DEPRECATED Maria Kedovskaya DEPRECATED

RSS Feed May Cause Exchange DoS Vulnerability - MS12-080
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Exchange Server 2007, Microsoft Exchange Server 2010
Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS Feed May Cause Exchange DoS Vulnerability."
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Oracle Outside In Contains Multiple Exploitable Vulnerability - CVE-2012-3217 (MS13-013)
Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft FAST Search Server 2010 for SharePoint
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle
Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Oracle Outside In Contains Multiple Exploitable Vulnerabilities-II MS12-080
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Exchange Server 2007, Microsoft Exchange Server 2010
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7.0 allows context-dependent attackers to affect availability, related to Outside In HTML Export SDK.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Oracle Outside In contains multiple exploitable vulnerabilities - II
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, Microsoft FAST Search Server 2010 for SharePoint
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
SecPod Team DRAFT INTERIM ACCEPTED Chandan S INTERIM ACCEPTED ACCEPTED

Oracle Outside In contains multiple exploitable vulnerabilities - XI
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, Microsoft FAST Search Server 2010 for SharePoint
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
SecPod Team DRAFT INTERIM ACCEPTED Chandan S INTERIM ACCEPTED ACCEPTED

Reflected XSS Vulnerability - MS12-062
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft System Center Configuration Manager 2007, Microsoft System
Center Configuration Manager 2007 R2, Microsoft System Center Configuration Manager 2007 R3, Microsoft Systems Management Server 2003
Cross-site scripting (XSS) vulnerability in Microsoft Systems Management Server 2003 SP3 and System Center Configuration Manager 2007 SP2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Reflected XSS Vulnerability."
SecPod Team DRAFT INTERIM ACCEPTED Pradeep R B INTERIM ACCEPTED ACCEPTED

Microsoft System Center Configuration Manager 2007 R2 is installed
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft System Center Configuration Manager 2007 R2
Microsoft System Center Configuration Manager 2007 R2 is installed.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Microsoft System Center Configuration Manager 2007 R3 is installed
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft System Center Configuration Manager 2007 R3
Microsoft System Center Configuration Manager 2007 R3 is installed.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Microsoft System Center Configuration Manager 2007 SP2 is installed
Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft Windows 7, Microsoft System Center Configuration Manager 2007
Microsoft System Center Configuration Manager 2007 SP2 is installed.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Microsoft System Center Configuration Manager 2007 is installed
Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft Windows 7, Microsoft System Center Configuration Manager 2007
Microsoft System Center Configuration Manager 2007 is installed.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Microsoft Systems Management Server
2003 SP3 is installed
Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Systems Management Server 2003
Microsoft Systems Management Server 2003 SP3 is installed.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Microsoft Systems Management Server 2003 is installed
Microsoft Windows 2000, Microsoft Windows Server 2003, Microsoft Systems Management Server 2003
Microsoft Systems Management Server 2003 is installed.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

XSS Vulnerability - MS12-061
Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft Visual Studio Team Foundation Server 2010
Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio Team Foundation Server 2010 SP1 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "XSS Vulnerability."
SecPod Team DRAFT INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED

Microsoft Visual Studio Team Foundation Server 2010 Service Pack 1 is installed
Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft Visual Studio Team Foundation Server 2010
Microsoft Visual Studio Team Foundation Server 2010 Service Pack 1 is installed
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Microsoft Visual Studio Team Foundation Server 2010 is installed
Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft Visual Studio Team Foundation Server 2010
Microsoft Visual Studio Team Foundation Server 2010 is installed
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Unspecified vulnerability in the VirtualBox component in Oracle Virtualization 4.0, 4.1, and 4.2
Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Vista, Microsoft Windows XP, VirtualBox
Unspecified vulnerability in the VirtualBox component in Oracle Virtualization
4.0, 4.1, and 4.2 allows local users to affect integrity and availability via unknown vectors related to Core. NOTE: The previous information was obtained from the January 2013 Oracle CPU. Oracle has not commented on claims from another vendor that this issue is related to an incorrect comparison in the vga_draw_text function in Devices/Graphics/DevVGA.cpp, which can cause VirtualBox to "draw more lines than necessary."
Sergey Artykhov DRAFT INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED Maria Kedovskaya INTERIM ACCEPTED ACCEPTED

System Center Operations Manager Web Console XSS Vulnerability-I - MS13-003
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft System Center Operations Manager 2007, Microsoft System Center Operations Manager 2007 R2
Cross-site scripting (XSS) vulnerability in Microsoft System Center Operations Manager 2007 SP1 and R2 allows remote attackers to inject arbitrary web script or HTML via crafted input, aka "System Center Operations Manager Web Console XSS Vulnerability," a different vulnerability than CVE-2013-0010.
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Microsoft System Center Operations Manager 2007 SP1 is installed
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft System Center Operations Manager 2007
Microsoft System Center Operations Manager 2007 SP1 is installed
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Microsoft System Center Operations Manager 2007 is installed
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft System Center Operations Manager 2007
Microsoft System Center Operations Manager 2007 is installed
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Microsoft System Center Operations Manager 2007 R2 is installed
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft System Center Operations Manager 2007 R2
Microsoft System Center Operations Manager 2007 R2 is
installed
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Vulnerability in SharePoint could allow information disclosure - MS13-030
Microsoft Windows 7, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2013, in certain configurations involving legacy My Sites, does not properly establish default access controls for a SharePoint list, which allows remote authenticated users to bypass intended restrictions on reading list items via a direct request for a list's location, aka "Incorrect Access Rights Information Disclosure Vulnerability."
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Microsoft SharePoint Server 2013 is installed
Microsoft Windows 7, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Server 2012, Microsoft Windows Vista, Microsoft SharePoint Server 2013
Microsoft SharePoint Server 2013 is installed
SecPod Team DRAFT INTERIM ACCEPTED ACCEPTED

Oracle Outside In contains multiple exploitable vulnerabilities - XIII
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, Microsoft FAST Search Server 2010 for SharePoint
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
SecPod Team DRAFT INTERIM ACCEPTED Chandan S INTERIM ACCEPTED ACCEPTED

Oracle Outside In contains multiple exploitable vulnerabilities - I
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, Microsoft FAST Search Server 2010 for SharePoint
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors
related to Outside In Filters.
SecPod Team DRAFT INTERIM ACCEPTED Chandan S INTERIM ACCEPTED ACCEPTED

Oracle Outside In contains multiple exploitable vulnerabilities - IV
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, Microsoft FAST Search Server 2010 for SharePoint
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
SecPod Team DRAFT INTERIM ACCEPTED Chandan S INTERIM ACCEPTED ACCEPTED

Oracle Outside In contains multiple exploitable vulnerabilities - VI
Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Exchange Server 2007, Microsoft Exchange Server 2010, Microsoft FAST Search Server 2010 for SharePoint
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
SecPod Team DRAFT INTERIM ACCEPTED Chandan S INTERIM ACCEPTED ACCEPTED

TrueType Font Parsing Vulnerability (CVE-2012-0159)
Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft Windows XP, Microsoft Lync 2010, Microsoft Lync 2010 Attendee
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, and Windows 8 Consumer Preview; Office 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; Silverlight 4 before 4.1.10329; and Silverlight 5 before 5.1.10411 allow remote attackers to execute arbitrary code via a crafted TrueType font (TTF) file, aka "TrueType Font Parsing Vulnerability."
SecPod Team DRAFT INTERIM ACCEPTED Evgeniy Pavlov INTERIM ACCEPTED ACCEPTED

Oracle Outside In contains multiple exploitable
vulnerabilities - X
Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Exchange Server 2007; Microsoft Exchange Server 2010; Microsoft FAST Search Server 2010 for SharePoint
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

Oracle Outside In contains multiple exploitable vulnerabilities - IX
Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Exchange Server 2007; Microsoft Exchange Server 2010; Microsoft FAST Search Server 2010 for SharePoint
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

XSS scriptresx.ashx Vulnerability - MS12-050
Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft SharePoint Foundation 2010; Microsoft SharePoint Server 2010
Cross-site scripting (XSS) vulnerability in scriptresx.ashx in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "XSS scriptresx.ashx Vulnerability."
SecPod Team, DRAFT, INTERIM, ACCEPTED, Kumarswamy S, INTERIM, ACCEPTED, ACCEPTED

Oracle Outside In contains multiple exploitable vulnerabilities - VIII
Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Exchange Server 2007; Microsoft Exchange Server 2010; Microsoft FAST Search Server 2010 for SharePoint
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware
8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

SharePoint Script in Username Vulnerability - MS12-050
Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft SharePoint Foundation 2010; Microsoft SharePoint Server 2010
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2010 Gold and SP1, SharePoint Foundation 2010 Gold and SP1, and Office Web Apps 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via crafted JavaScript elements in a URL, aka "SharePoint Script in Username Vulnerability."
SecPod Team, DRAFT, INTERIM, ACCEPTED, Kumarswamy S, INTERIM, ACCEPTED, ACCEPTED

Microsoft SharePoint Foundation 2010 Service Pack 1 is installed
Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2012; Microsoft Windows 8; Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2010 SP1 is installed
SecPod Team, DRAFT, INTERIM, ACCEPTED, Bhavya K, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

Microsoft SharePoint Server 2010 Service Pack 1 is installed
Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Vista; Microsoft Windows 7; Microsoft SharePoint Server 2010
Microsoft SharePoint Server 2010 SP1 is installed
SecPod Team, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, Pooja Shetty, INTERIM, ACCEPTED, ACCEPTED

Oracle Outside In contains multiple exploitable vulnerabilities - VII
Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Exchange Server 2007; Microsoft Exchange Server 2010; Microsoft FAST Search Server 2010 for SharePoint
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
SecPod
Team, DRAFT, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

TrueType Font Parsing Vulnerability (CVE-2011-3402)
Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Lync 2010; Microsoft Lync 2010 Attendee
Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
SecPod Team, DRAFT, INTERIM, ACCEPTED, Evgeniy Pavlov, INTERIM, ACCEPTED, ACCEPTED

Oracle Outside In contains multiple exploitable vulnerabilities - III
Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Exchange Server 2007; Microsoft Exchange Server 2010; Microsoft FAST Search Server 2010 for SharePoint
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

Oracle Outside In contains multiple exploitable vulnerabilities - V
Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Exchange Server 2007; Microsoft Exchange Server 2010; Microsoft FAST Search Server 2010 for SharePoint
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

Lync Insecure Library Loading Vulnerability (CVE-2012-1849)
Microsoft Windows
7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Lync 2010; Microsoft Lync 2010 Attendant; Microsoft Lync 2010 Attendee
Untrusted search path vulnerability in Microsoft Lync 2010, 2010 Attendee, and 2010 Attendant allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .ocsmeet file, aka "Lync Insecure Library Loading Vulnerability."
SecPod Team, DRAFT, INTERIM, ACCEPTED, Evgeniy Pavlov, INTERIM, ACCEPTED, ACCEPTED

Microsoft Lync 2010 Attendee (user level install) is installed
Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Lync 2010 Attendee
Microsoft Lync 2010 Attendee (user level install) is installed.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Evgeniy Pavlov, INTERIM, ACCEPTED, ACCEPTED

Microsoft Lync 2010 Attendant is installed
Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Lync 2010 Attendant
Microsoft Lync 2010 Attendant is installed.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Lync 2010 Attendee (admin level install) is installed
Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Lync 2010 Attendee
Microsoft Lync 2010 Attendee (admin level install) is installed.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Lync 2010 is installed
Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Lync 2010
Microsoft Lync 2010 is installed.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1
through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; IBM DB2 UDB
Integer signedness error in the db2dasrrm process in the DB2 Administration Server (DAS) in IBM DB2 9.1 through FP11, 9.5 before FP9, and 9.7 through FP5 on UNIX platforms allows remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow.
Scott Quint, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, DEPRECATED, DEPRECATED

Oracle Outside In contains multiple exploitable vulnerabilities - XII
Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Exchange Server 2007; Microsoft Exchange Server 2010; Microsoft FAST Search Server 2010 for SharePoint
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.7 allows context-dependent attackers to affect availability via unknown vectors related to Outside In Filters.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

Microsoft FAST Search Server 2010 for SharePoint is installed
Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft FAST Search Server 2010 for SharePoint
Microsoft FAST Search Server 2010 for SharePoint is installed.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Exchange Server 2007 SP3 is installed
Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Exchange Server 2007
Microsoft Exchange Server 2007 SP3 is installed.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Sharath S, INTERIM, ACCEPTED, ACCEPTED

Microsoft Exchange Server 2010 SP1 is installed
Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Exchange Server 2010
Microsoft Exchange Server 2010 SP1 is
installed
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Exchange Server 2010 SP2 is installed
Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Exchange Server 2010
Microsoft Exchange Server 2010 SP2 is installed
Sergey Artykhov, DRAFT, INTERIM, ACCEPTED, ACCEPTED

XSS in wizardlist.aspx Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft SharePoint Server 2010; Microsoft SharePoint Foundation 2010
Cross-site scripting (XSS) vulnerability in wizardlist.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in wizardlist.aspx Vulnerability."
Josh Turpin, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment. NOTE: some of these details are obtained from third party information.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; Lotus Notes
Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .prz attachment.
NOTE: some of these details are obtained from third party information.
Scott Quint, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; Lotus Notes
IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in cleartext in SURunAs.exe, which allows local users to obtain sensitive information by examining this file, aka SPR JSTN837SEG.
Aharon Chernin, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; IBM DB2 UDB
Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.
Scott Quint, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, DEPRECATED, DEPRECATED

Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; Lotus Notes
Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used in IBM Lotus Notes
before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a Microsoft Office document attachment, aka SPR PRAD8823ND.
Scott Quint, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

XSS in inplview.aspx Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft SharePoint Foundation 2010
Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in inplview.aspx Vulnerability."
Josh Turpin, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; Lotus Notes
Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted header in a .lzh attachment that triggers a stack-based buffer overflow, aka SPR PRAD88MJ2W.
Scott Quint, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown vectors.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; IBM DB2 UDB
Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as used in IBM DB2 9.5 before FP9 on UNIX, allows local users to gain privileges via unknown
vectors.
Scott Quint, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, DEPRECATED, Maria Mikhno, DEPRECATED

Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of 20100222, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; Lotus Notes
Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of 20100222, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Aharon Chernin, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

XSS in themeweb.aspx Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft SharePoint Server 2010; Microsoft SharePoint Foundation 2010
Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft Office SharePoint Server 2010 Gold and SP1 and SharePoint Foundation 2010 Gold and SP1 allows remote attackers to inject arbitrary web script or HTML via JavaScript sequences in a URL, aka "XSS in themeweb.aspx Vulnerability."
Josh Turpin, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Malware Protection Engine Vulnerability-II
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Antigen for Exchange; Microsoft Antigen for
SMTP Gateway; Microsoft Forefront Security for Exchange Server; Microsoft Forefront Security for SharePoint; Microsoft Windows Defender; Windows Live OneCare
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with "crafted data structures" that trigger the creation of large temporary files, a different vulnerability than CVE-2008-1437.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; Lotus Notes
Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.library option that specifies a UNC share pathname for a DLL file, aka SPR PRAD82YJW2.
Aharon Chernin, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

AntiXSS Library Bypass Vulnerability
Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows 7; Microsoft Anti-Cross Site Scripting Library V3.x; Microsoft Anti-Cross Site Scripting Library V4.0
The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Maria
Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; Lotus Notes
Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted link in a .rtf attachment, aka SPR PRAD8823JQ.
Aharon Chernin, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

DEPRECATED: kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; IBM DB2 UDB
kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 on Linux, allows remote attackers to cause a denial of service (daemon crash) via a certain byte sequence.
Aharon Chernin, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, DEPRECATED, DEPRECATED

IBM DB2 UDB is installed
Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; IBM DB2
IBM DB2 UDB is installed
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP.
NOTE: some of these details are obtained from third party information.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; Lotus Notes
Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a crafted .zip attachment, aka SPR PRAD8E3NSP. NOTE: some of these details are obtained from third party information.
Aharon Chernin, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; Lotus Notes
Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via a malformed BIFF record in a .xls Excel spreadsheet attachment, aka SPR PRAD8E3HKR.
Aharon Chernin, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

Convert Buffer Overrun Vulnerability in SQL Server
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft SQL Server 2000; Microsoft SQL Server 2000 Desktop Engine (WMSDE)
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
SecPod Team, DRAFT, Pradeep R B, INTERIM, ACCEPTED, ACCEPTED

Microsoft Malware Protection Engine Vulnerability-I
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Antigen
for Exchange; Microsoft Antigen for SMTP Gateway; Microsoft Forefront Security for Exchange Server; Microsoft Forefront Security for SharePoint; Microsoft Windows Defender; Windows Live OneCare
Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted file, a different vulnerability than CVE-2008-1438.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Forefront Security for SharePoint is installed
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Forefront Security for SharePoint
Microsoft Forefront Security for SharePoint is installed.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Antigen for Exchange is installed
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Antigen for Exchange
Microsoft Antigen for Exchange is installed.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Forefront Security for Exchange Server is installed
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Forefront Security for Exchange Server
Microsoft Forefront Security for Exchange Server is installed.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows Defender is installed
Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows 8; Microsoft Windows Server 2012; Microsoft Windows Defender
Microsoft Windows Defender is installed.
SecPod Team, DRAFT, INTERIM, ACCEPTED, Bhavya K, INTERIM, ACCEPTED, ACCEPTED

Microsoft Antigen for SMTP Gateway is installed
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows
XP; Microsoft Antigen for SMTP Gateway
Microsoft Antigen for SMTP Gateway is installed.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Windows Live OneCare is installed
Microsoft Windows 2000; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Microsoft Windows Live OneCare
Microsoft Windows Live OneCare is installed.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7.
Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows Server 2003; Microsoft Windows XP; Microsoft Windows 2000; Lotus Notes
Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used in IBM Lotus Notes before 8.5.2 FP3, allows remote attackers to execute arbitrary code via crafted tag data in an Applix spreadsheet attachment, aka SPR PRAD8823A7.
Aharon Chernin, DRAFT, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED

IBM Lotus Notes is installed
Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; IBM Lotus Notes
IBM Lotus Notes is installed
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Unspecified vulnerability in Oracle VM VirtualBox related to Guest Additions for Windows
Microsoft Windows 2000; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Oracle VirtualBox
Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Guest Additions for Windows.
Shane Shaffer, DRAFT, Shane Shaffer, INTERIM, ACCEPTED, Sergey Artykhov, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, Maria Kedovskaya, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

Unspecified
vulnerability in Oracle VM VirtualBox
Microsoft Windows 2000; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Oracle VirtualBox
Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors.
Shane Shaffer, DRAFT, Shane Shaffer, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, Maria Kedovskaya, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

Contact Details Reflected XSS Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows SharePoint Services 3.0; Microsoft SharePoint Foundation 2010
Cross-site scripting (XSS) vulnerability in Microsoft Windows SharePoint Services 3.0 SP2, and SharePoint Foundation 2010 Gold and SP1, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in a request to a script, aka "Contact Details Reflected XSS Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

XSS in SharePoint Calendar Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft SharePoint Server 2010; Microsoft SharePoint Foundation 2010
Cross-site scripting (XSS) vulnerability in Microsoft Office SharePoint Server 2010 Gold and SP1, and SharePoint Foundation 2010, allows remote attackers to inject arbitrary web script or HTML via the URI, aka "XSS in SharePoint Calendar Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Internet Explorer 'AddFavorite' Method Denial of Service Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server
2008; Microsoft Internet Explorer 7; Microsoft Internet Explorer 8
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Internet Explorer 6 through 8 spoofing vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Internet Explorer 6; Microsoft Internet Explorer 7; Microsoft Internet Explorer 8
Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page.
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Editform Script Injection Vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft SharePoint Server 2010; Microsoft SharePoint Foundation 2010
Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft Office SharePoint Server 2010 and SharePoint Foundation 2010 allows remote attackers to inject arbitrary web script or HTML via a post, aka "Editform Script Injection Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, ACCEPTED

Microsoft Office SharePoint Server 2010 is installed.
Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Office SharePoint Server 2010
Microsoft Office SharePoint Server 2010 is installed.
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Chandan S, INTERIM, ACCEPTED, ACCEPTED

Microsoft SharePoint Foundation 2010 is installed
Microsoft Windows Server 2008; Microsoft Windows Server 2008 R2; Microsoft Windows Vista; Microsoft Windows
7; Microsoft Windows Server 2012; Microsoft Windows 8; Microsoft SharePoint Foundation 2010
Microsoft SharePoint Foundation 2010 is installed.
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Bhavya K, INTERIM, ACCEPTED, ACCEPTED

Security bypass vulnerability in Apache Tomcat 7.0.11
Microsoft Windows 2000; Microsoft Windows 7; Microsoft Windows Server 2003; Microsoft Windows Server 2008; Microsoft Windows Vista; Microsoft Windows XP; Apache Tomcat
Apache Tomcat 7.0.11, when web.xml has no login configuration, does not follow security constraints, which allows remote attackers to bypass intended access restrictions via HTTP requests to a meta-data complete web application. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1088 and CVE-2011-1419.
SecPod Team, DRAFT, INTERIM, ACCEPTED, ACCEPTED

TMG Firewall Client Memory Corruption Vulnerability
Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows Server 2008; Microsoft Windows 7; Microsoft Forefront Threat Management Gateway 2010 Client
The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
Dragos Prisaca, DRAFT, INTERIM, ACCEPTED, Maria Kedovskaya, INTERIM, ACCEPTED, ACCEPTED

Microsoft Internet Explorer cross-site scripting (XSS) vulnerability
Microsoft Windows 2000; Microsoft Windows XP; Microsoft Windows Server 2003; Microsoft Windows Vista; Microsoft Windows 7; Microsoft Windows Server 2008; Microsoft Internet Explorer 8
The XSS Filter in Microsoft Internet Explorer 8 does not properly perform neutering for the SCRIPT tag, which allows remote attackers to conduct cross-site scripting (XSS) attacks against web sites that have no inherent XSS vulnerabilities, a different issue than CVE-2009-4074.
Dragos Prisaca, DRAFT, Brandon Shilling, INTERIM, ACCEPTED, ACCEPTED

SQL Injection vulnerability in PHP 5.3.2 and 5.3.3, when the MySQLi extension is
used.Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPThe set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the MySQLi extension is used, does not properly interact with use of the mysqli_fetch_assoc function, which might make it easier for context-dependent attackers to conduct SQL injection attacks via crafted input that had been properly handled in earlier PHP versions.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInteger overflow vulnerability in the mt_rand function in PHP before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaPHPInteger overflow in the mt_rand function in PHP before 5.3.4 might make it easier for context-dependent attackers to predict the return values by leveraging a script's use of a large max parameter, as demonstrated by a value that exceeds mt_getrandmax.SecPod TeamDRAFTINTERIMShane ShafferACCEPTEDACCEPTEDUnspecified vulnerability in Oracle VM VirtualBox 4.0Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPOracle VM VirtualBoxUnspecified vulnerability in Oracle VM VirtualBox 4.0 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Extensions.SecPod TeamDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDACCEPTEDVirtualBox is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPVirtualBoxVirtualBox is installedSecPod TeamDRAFTINTERIMACCEPTEDJosh TurpinINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDNULL byte injection vulnerability in PHP before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 
2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPPHP before 5.3.4 accepts the \0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\0.jpg at the end of the argument to the file_exists function.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDUse-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPUse-after-free vulnerability in the Zend engine in PHP before 5.2.15 and 5.3.x before 5.3.4 might allow context-dependent attackers to cause a denial of service (heap memory corruption) or have unspecified other impact via vectors related to use of __set, __get, __isset, and __unset methods on objects accessed by a reference.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDDenial of service vulnerability in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 in IMAP extensionMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPDouble free vulnerability in the imap_do_open function in the IMAP extension (ext/imap/php_imap.c) in PHP 5.2 before 5.2.15 and 5.3 before 5.3.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDVulnerability in the iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPThe iconv_mime_decode_headers function in the Iconv extension in PHP before 5.3.4 does not properly handle encodings that are unrecognized by the iconv and mbstring (aka Multibyte String) implementations, 
which allows remote attackers to trigger an incomplete output array, and possibly bypass spam detection or have unspecified other impact, via a crafted Subject header in an e-mail message, as demonstrated by the ks_c_5601-1987 character set.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDInformation disclosure vulnerability in HTTP BIO connector in Apache Tomcat 7.0.x through 7.0.11Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApache TomcatThe HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDApache Tomcat is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPApache TomcatApache Tomcat is installedSecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer PDF Printing Information DisclosureMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2008Microsoft Internet Explorer 6Microsoft Internet Explorer 7Microsoft Internet Explorer 8The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page.Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 7 is installedMicrosoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Internet Explorer 7A version of Microsoft Internet Explorer 7 is installed.Sudhir GandheDRAFTINTERIMAndrew ButtnerACCEPTEDBrendan MilesINTERIMACCEPTEDMaria 
MikhnoINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDACCEPTEDMicrosoft Internet Explorer 6 is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Internet Explorer 6The application Microsoft Internet Explorer 6 is installed.Robert L. HollisDRAFTINTERIMACCEPTEDMatthew WojcikINTERIMACCEPTEDJonathan BakerINTERIMACCEPTEDBrendan MilesINTERIMACCEPTEDPreeti SubramanianINTERIMACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDVulnerability in the Standard PHP Library (SPL) extension in PHP before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPThe SplFileInfo::getType function in the Standard PHP Library (SPL) extension in PHP before 5.3.4 on Windows does not properly detect symbolic links, which might make it easier for local users to conduct symlink attacks by leveraging cross-platform differences in the stat structure, related to lack of a FILE_ATTRIBUTE_REPARSE_POINT check.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDRace condition vulnerability in the PCNTL extension in PHP before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPRace condition in the PCNTL extension in PHP before 5.3.4, when a user-defined signal handler exists, might allow context-dependent attackers to cause a denial of service (memory corruption) via a large number of concurrent signals.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDStack based buffer overflow vulnerability in Novell File Reporter (NFR) before 1.0.2Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPNovell File ReporterStack-based buffer overflow in NFRAgent.exe in Novell File Reporter (NFR) before 1.0.2 allows remote attackers to execute arbitrary code via unspecified XML data.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDNovell File Reporter is 
installedMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPNovell File ReporterNovell File Reporter is installedSecPod TeamDRAFTINTERIMACCEPTEDMaria KedovskayaINTERIMACCEPTEDACCEPTEDExchange Server Infinite Loop VulnerabilityMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Exchange ServerMicrosoft Exchange Server 2007 SP2 on the x64 platform allows remote authenticated users to cause a denial of service (infinite loop and MSExchangeIS outage) via a crafted RPC request, aka "Exchange Server Infinite Loop Vulnerability."Dragos PrisacaDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Exchange Server 2007 SP2 is installedMicrosoft Windows Server 2003Microsoft Windows Server 2008Exchange Server 2007 SP2 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDACCEPTEDSecurity bypass vulnerability in the extract function in PHP before 5.2.15Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPThe extract function in PHP before 5.2.15 does not prevent use of the EXTR_OVERWRITE parameter to overwrite (1) the GLOBALS superglobal array and (2) the this variable, which allows context-dependent attackers to bypass intended access restrictions by modifying data structures that were not intended to depend on external input, a related issue to CVE-2005-2691 and CVE-2006-3758.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDMSO Large SPID Read AV VulnerabilityMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows Server 2003Microsoft Windows VistaMicrosoft Windows Server 2008Microsoft Windows 7Microsoft Office XPMicrosoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allow remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption, aka "MSO Large SPID Read AV Vulnerability."Josh 
TurpinDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office XP is installedMicrosoft Windows 2000Microsoft Windows XPMicrosoft Windows VistaMicrosoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2The application Microsoft Office XP is installed.Robert L. HollisINTERIMACCEPTEDJonathan BakerINTERIMJonathan BakerACCEPTEDDragos PrisacaINTERIMACCEPTEDShane ShafferINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDMaria MikhnoINTERIMACCEPTEDACCEPTEDStack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPStack-based buffer overflow in the GD extension in PHP before 5.2.15 and 5.3.x before 5.3.4 allows context-dependent attackers to cause a denial of service (application crash) via a large number of anti-aliasing steps in an argument to the imagepstext function.SecPod TeamDRAFTINTERIMACCEPTEDACCEPTEDPHP is installedMicrosoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPPHPPHP is installedSecPod TeamDRAFTINTERIMSecPod TeamACCEPTEDACCEPTEDDEPRECATED: Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385Microsoft Windows 2000Microsoft Windows 7Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows VistaMicrosoft Windows XPMicrosoft Internet ExplorerUse-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 8.0.7600.16385 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, involving circular memory references.SecPod 
TeamDRAFTINTERIMDragos PrisacaDEPRECATEDMaria MikhnoDEPRECATEDMicrosoft Internet Explorer 8 is installedMicrosoft Windows XPMicrosoft Windows VistaMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Windows 7Microsoft Internet Explorer 8A version of Microsoft Internet Explorer 8 is installed.Dragos PrisacaDRAFTINTERIMACCEPTEDDragos PrisacaINTERIMACCEPTEDINTERIMDragos PrisacaACCEPTEDMaria KedovskayaINTERIMMaria MikhnoACCEPTEDACCEPTEDMalformed Request Code Execution VulnerabilityMicrosoft Windows Server 2003Microsoft Windows Server 2008Microsoft Office SharePoint Server 2007Unrestricted file upload vulnerability in the Document Conversions Launcher Service in Microsoft Office SharePoint Server 2007 SP2, when the Document Conversions Load Balancer Service is enabled, allows remote attackers to execute arbitrary code via a crafted SOAP request to TCP port 8082, aka "Malformed Request Code Execution Vulnerability."Josh TurpinDRAFTINTERIMACCEPTEDACCEPTEDMicrosoft Office SharePoint Server 2007 is installed.Microsoft Windows Server 2003Microsoft Windows Server 2008Microsoft Windows Server 2008 R2Microsoft Office SharePoint Server 2007Microsoft Office SharePoint Server 2007 is installed.Robert L. 
Hollis, DRAFT, INTERIM, ACCEPTED, Jonathan Baker, INTERIM, ACCEPTED, David Rothenberg, INTERIM, ACCEPTED, INTERIM, Dragos Prisaca, ACCEPTED, Chandan S, INTERIM, ACCEPTED, Evgeniy Pavlov, INTERIM, ACCEPTED, Maria Mikhno, INTERIM, ACCEPTED, ACCEPTED